mailing list archives
Re: [NSE] Broadcast script to detect CVE-2011-1002 (Avahi NULL UDP DoS)
From: David Fifield <david () bamsoftware com>
Date: Thu, 10 Mar 2011 10:39:51 -0800
On Wed, Mar 09, 2011 at 11:17:20AM +0100, Djalal Harouni wrote:
Since the Avahi NULL UDP DoS  has been patched and since every one
can test this vulnerability with every tool that sends UDP packet.
I'm sharing an attached script that I wrote the other days to
automatically discover hosts on the local network using the DNS Service
Discovery protocol and test each host to see if it's vulnerable
(you will DoS your hosts or network). The script uses the prerule.
I thought this can help Nmap pen-testers. I've tested the script
on some default ubuntu machines and on an embedded device, yes avahi
can run on some embedded devices.
Does a normal Nmap UDP port scan also kill Avahi? I guess not, because
UDP payloads are enabled by default and we have one for port 5353. What
about with --data-length 0?
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/