CVE-2008-5081

avahi < 0.6.24 - Denial of Service via mDNS Packet with Source Port 0

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5081. PoCs published by Jon Oberheide, including Metasploit module auxiliary/dos/mdns/avahi_portzero.

AI-analyzed exploit summary This exploit sends a crafted mDNS packet with a source port of 0 to trigger a failed assertion in Avahi's originates_from_local_legacy_unicast_socket() function, causing a denial of service (DoS). The PoC constructs a raw IP/UDP packet and sends it to the target.

Description

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jon Oberheide · cdosmultiple
https://www.exploit-db.com/exploits/7520

This exploit sends a crafted mDNS packet with a source port of 0 to trigger a failed assertion in Avahi's originates_from_local_legacy_unicast_socket() function, causing a denial of service (DoS). The PoC constructs a raw IP/UDP packet and sends it to the target.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Avahi mDNS Daemon < 0.6.24
No auth needed
Prerequisites: Raw socket permissions (typically root)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/mdns/avahi_portzero.rb

This Metasploit module exploits a denial-of-service vulnerability in Avahi-daemon versions prior to 0.6.24 by sending a malformed mDNS packet with a source port of 0, causing the service to crash.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Avahi-daemon < 0.6.24
No auth needed
Prerequisites: Network access to the target's mDNS port (5353/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33220
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/12/14/1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33279
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-696-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1690
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32825
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7520
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200901-11.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33153
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33475
Various Sources x_refsource_confirm
http://avahi.org/milestone/Avahi%200.6.24

Scores

EPSS 0.7708
EPSS Percentile 99.0%

Details

CWE
CWE-399
Status published
Products (30)
avahi/avahi 0.1
avahi/avahi 0.2
avahi/avahi 0.3
avahi/avahi 0.4
avahi/avahi 0.5
avahi/avahi 0.5.1
avahi/avahi 0.5.2
avahi/avahi 0.6.1
avahi/avahi 0.6.2
avahi/avahi 0.6.3
... and 20 more
Published Dec 17, 2008
Tracked Since Feb 18, 2026