#VU101681 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Avahi - CVE-2024-52616

Cybersecurity Help s.r.o.

Published: 2024-12-11

Vulnerability identifier: #VU101681

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-52616

CWE-ID: CWE-337

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Avahi
Universal components / Libraries / Libraries used by multiple products

Vendor: avahi.org

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to software initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. A remote attacker can predict subsequent transaction IDs and perform DNS spoofing attack.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Avahi: 0.1 - 0.8

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2326429

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell VxRail Appliance 8.x update for third-party components

Dell SmartFabric Manager update for third-party components

SUSE update for avahi

DNS spoofing attack in Avahi