Executive Summary

Summary
Title: OpenSLP denial of service vulnerability
Information
Name: VU#393783
First vendor Publication: 2011-03-21
Vendor: VU-CERT
Last vendor Modification: 2011-04-21
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5
Cvss Impact Score: 2.9
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#393783

OpenSLP denial of service vulnerability

Overview

OpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition.

I. Description

Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. The OpenSLP project is an effort to develop an open-source implementation of Service Location Protocol. When OpenSLP parses an SLP packet containing malformed extensions, the extension parser enters an infinite loop, causing a denial-of-service condition.

If an attacker creates a packet containing a "next extension offset" pointing to itself or to a previous extension, the extension parser will enter an infinite loop, consuming 100% of the CPU.
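The check that rules this loop out can be sketched as follows. This is an added example, not OpenSLP's code and not the patch from revision 1647. It assumes the RFC 2608 extension layout (a 2-byte extension ID followed by a 3-byte next extension offset measured from the start of the message); `walk_extensions` and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_HDR_LEN 5 /* 2-byte extension ID + 3-byte next extension offset */

/* Constructed 32-byte buffers (not captured traffic); only extension headers are set. */
static const uint8_t chain_ok[32]   = { [17] = 1, [20] = 24, [25] = 1 };            /* 16 -> 24 -> end */
static const uint8_t chain_self[32] = { [17] = 1, [20] = 16 };                      /* 16 -> 16 */
static const uint8_t chain_back[32] = { [17] = 1, [20] = 24, [25] = 1, [28] = 16 }; /* 16 -> 24 -> 16 */

/* Read a 24-bit big-endian integer. */
static uint32_t get_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/*
 * Walk the extension chain of one message held in msg[0..len).
 * first_off is the "next extension offset" from the message header (0 = none).
 * Returns the number of extensions, or -1 if the chain is malformed.
 * Hypothetical helper, not an OpenSLP function.
 */
int walk_extensions(const uint8_t *msg, size_t len, uint32_t first_off)
{
    uint32_t off = first_off, prev = 0;
    int count = 0;

    while (off != 0) {
        /* Offsets must strictly increase: rejects self and backward references. */
        if (off <= prev)
            return -1;
        /* The whole extension header must lie inside the message. */
        if (len < EXT_HDR_LEN || off > len - EXT_HDR_LEN)
            return -1;
        prev = off;
        off = get_u24(msg + off + 2); /* skip the 2-byte extension ID */
        count++;
    }
    return count;
}

int main(void)
{
    printf("ok=%d self=%d back=%d\n",
           walk_extensions(chain_ok, sizeof chain_ok, 16),
           walk_extensions(chain_self, sizeof chain_self, 16),
           walk_extensions(chain_back, sizeof chain_back, 16));
    return 0;
}
```

Because every accepted offset is larger than the previous one and bounded by the message length, the walk terminates after a finite number of steps whatever the packet contains.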

II. Impact

A remote unauthenticated attacker may be able to create a denial-of-service condition.

III. Solution

Upgrade or apply a patch from the vendor

Patches and updated versions of the software have been released to address this issue. Please see the Vendor Information section of this document for more information.


Users who compile their OpenSLP software from the svn distribution should check out the latest svn revision. According to the revision update, this vulnerability has been resolved in revision 1647.

Vendor Information

Vendor | Status | Date Notified | Date Updated
Novell, Inc. | Affected | 2010-08-11 | 2011-01-14
SUSE Linux | Affected | 2010-10-07 | 2011-03-21
Ubuntu | Affected | | 2011-04-21
VMware | Affected | 2010-08-12 | 2011-03-16

References

http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647
http://support.novell.com/security/cve/CVE-2010-3609.html
http://www.vmware.com/security/advisories/VMSA-2011-0004.html

Credit

Thanks to Nicolas Gregoire of Agarri for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public: 2011-03-21
Date First Published: 2011-03-21
Date Last Updated: 2011-04-21
CERT Advisory:
CVE-ID(s): CVE-2010-3609
NVD-ID(s): CVE-2010-3609
US-CERT Technical Alerts:
Severity Metric: 0.58
Document Revision: 22

Original Source

Url : http://www.kb.cert.org/vuls/id/393783

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13982
 
Oval ID: oval:org.mitre.oval:def:13982
Title: USN-1118-1 -- openslp, openslp-dfsg vulnerability
Description: openslp-dfsg: OpenSLP is an implementation of the Service Location Protocol - openslp: OpenSLP is an implementation of the Service Location Protocol An attacker could send crafted input to OpenSLP and cause it to hang.
Family: unix Class: patch
Reference(s): USN-1118-1
CVE-2010-3609
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 6.06
Ubuntu 9.10
Ubuntu 10.04
Product(s): openslp
openslp-dfsg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20535
 
Oval ID: oval:org.mitre.oval:def:20535
Title: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Description: The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3609
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 2
Application 2

OpenVAS Exploits

Date Description
2012-08-24 Name : Mandriva Update for openslp MDVSA-2012:141 (openslp)
File : nvt/gb_mandriva_MDVSA_2012_141.nasl
2012-03-16 Name : VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX...
File : nvt/gb_VMSA-2011-0004.nasl
2011-05-10 Name : Ubuntu Update for openslp-dfsg USN-1118-1
File : nvt/gb_ubuntu_USN_1118_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71019 VMware ESX Server / ESXi Service Location Protocol Daemon Unspecified DoS

VMware ESX Server and ESXi contains a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs in the Service Location Protocol daemon, and will result in a loss of availability. No further details have been provided.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date Description
2017-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201707-05.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0004_remote.nasl - Type : ACT_GATHER_INFO
2015-09-04 Name : The remote Debian host is missing a security update.
File : debian_DLA-304.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-7561.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_openslp-101012.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-111.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-141.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1118-1.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_openslp-101012.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_openslp-101012.nasl - Type : ACT_GATHER_INFO
2011-03-08 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openslp-101012.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openslp-101013.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openslp-7187.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-01-17 13:25:25
  • Multiple Updates
2013-05-11 00:57:04
  • Multiple Updates
2013-04-05 13:19:48
  • Multiple Updates