Script broadcast-avahi-dos

Script types: prerule
Categories: broadcast, dos, intrusive, vuln
Download: https://svn.nmap.org/nmap/scripts/broadcast-avahi-dos.nse

Script Summary

Attempts to discover hosts in the local network using the DNS Service Discovery protocol and sends a NULL UDP packet to each host to test if it is vulnerable to the Avahi NULL UDP packet denial of service (CVE-2011-1002).

The broadcast-avahi-dos.wait script argument specifies how many number of seconds to wait before a new attempt of host discovery. Each host who does not respond to this second attempt will be considered vulnerable.

Reference:

• http://avahi.org/ticket/325
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002

Script Arguments

broadcast-avahi-dos.wait

Wait time in seconds before executing the check, the default value is 20 seconds.

max-newtargets, newtargets

See the documentation for the target library.

dnssd.services

See the documentation for the dnssd library.

Example Usage

nmap --script=broadcast-avahi-dos

Script Output

| broadcast-avahi-dos:
|   Discovered hosts:
|     10.0.1.150
|     10.0.1.151
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|   Hosts that seem down (vulnerable):
|_    10.0.1.151

Requires

• dnssd
• nmap
• stdnse
• table

---

Author:

• Djalal Harouni

License: Same as Nmap--See https://nmap.org/book/man-legal.html