I am concerned about potential Ubuntu security vulnerabilities.

Apparently AVAHI is a native service on Ubuntu with the following properties:

"Avahi is a free Zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. It allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example you can plug into a network and instantly find printers to print to, files to look at and people to talk to."

Since my computer is a home computer and NOT a server, it is to my advantage to disable AVAHI.

Are there any other security vulnerabilities that I should disable?

Hello,

Avahi works on a local network. If you can't trust the local network, then you should think twice about connection to other machines - this is a general statement, not related to any OS in particular.

Furthermore, like any app / program / service, it gets periodically updated, so vulnerabilties should be covered there.

Third, it runs with little privileges, so no worries there.

From reading avahi vulnerabilities in the last 3 years, there have been only a few, mostly low risk, almost all locally exploitable.

Read this:
http://avahi.org/wiki/SecurityConsiderations

Especially the point ...
- Please keep in mind that Avahi is mostly used in local area networks and that it ignores traffic from non-local networks.

Lastly, run nmap on your localhost to see what ports are open.

All in all, I would not sweat it.

Mrk

Thankyou for the reply!

Can I disable it without causing future problems? (I don't see why I need avahi)