ID CVE-2010-3609
Summary The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:openslp:openslp:1.2.1
  • cpe:2.3:a:vmware:esx:4.0
  • cpe:2.3:a:vmware:esx:4.1
  • cpe:2.3:a:vmware:esxi:4.0
  • cpe:2.3:a:vmware:esxi:4.1
CVSS
Base: 5.0 (as of 14-03-2011 - 09:20)
Impact:
Exploitability:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
exploit-db via4
description OpenSLP 1.2.1 & < 1647 trunk - Denial of Service Exploit. CVE-2010-3609. DoS exploit for multiple platforms
id EDB-ID:17610
last seen 2016-02-02
modified 2011-08-05
published 2011-08-05
reporter Nicolas Gregoire
source https://www.exploit-db.com/download/17610/
title OpenSLP 1.2.1 & < 1647 trunk - Denial of Service Exploit
nessus via4
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0004_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries:
      - bind
      - pam
      - popt
      - rpm
      - rpm-libs
      - rpm-python
      - Service Location Protocol daemon (SLPD)
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89675
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89675
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0004.NASL
    description a. Service Location Protocol daemon DoS
      This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. VMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-3609 to this issue.
      b. Service Console update for bind
      This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3613, CVE-2010-3614, and CVE-2010-3762 to these issues.
      c. Service Console update for pam
      This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3316, CVE-2010-3435, and CVE-2010-3853 to these issues.
      d. Service Console update for rpm, rpm-libs, rpm-python, and popt
      This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2059 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 52582
    published 2011-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52582
    title VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-141.NASL
    description A vulnerability has been discovered and corrected in openslp: The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension (CVE-2010-3609). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 61986
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61986
    title Mandriva Linux Security Advisory : openslp (MDVSA-2012:141)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSLP-7187.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609). This has been fixed. Additionally, the following non-security bugs were fixed:
      - This openSLP update extends the net.slp.isDABackup mechanism introduced with the previous update by a new configuration option 'DABackupLocalReg'.
      - This option tells the openslp server to also back up local registrations. (bnc#597215)
      - In addition, standard compliance was fixed by stripping leading and trailing white spaces when doing string comparisons of scopes.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 50842
    published 2010-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50842
    title SuSE 10 Security Update : openslp (ZYPP Patch Number 7187)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1118-1.NASL
    description It was discovered that OpenSLP incorrectly handled certain corrupted messages. A remote attacker could send a specially crafted packet to the OpenSLP server and cause it to hang, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55076
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55076
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openslp, openslp-dfsg vulnerability (USN-1118-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-304.NASL
    description Several issues have been found and solved in OpenSLP, which implements the Internet Engineering Task Force (IETF) Service Location Protocol standard.
      CVE-2010-3609: Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a 'next extension offset'.
      CVE-2012-4428: Georgi Geshev discovered that an out-of-bounds read error in the SLPIntersectStringList() function could be used to cause a DoS.
      CVE-2015-5177: A double free in the SLPDProcessMessage() function could be used to cause openslp to crash.
      For Debian 6 'Squeeze', these problems have been fixed in openslp-dfsg version 1.2.1-7.8+deb6u1. We recommend that you upgrade your openslp-dfsg packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/
      NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 85769
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85769
    title Debian DLA-304-1 : openslp-dfsg security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENSLP-101012.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609). This has been fixed. Additionally, the following non-security bugs were fixed:
      - 564504: Fix handling of DA answers if both active and passive DA detection is off.
      - 597215: Add configuration options to openSLP: net.slp.DASyncReg makes slpd query statically configured DAs for registrations; net.slp.isDABackup enables periodic writing of remote registrations to a backup file which is also read on startup. Both options can be used to decrease the time between the start of the slpd daemon and slpd knowing all registrations.
      - 601002: Reduce CPU usage spikes on machines with many connections by using the kernel netlink interface instead of reading the /proc filesystem.
      - 626444: Standard compliance was fixed by stripping leading and trailing white spaces when doing string comparisons of scopes.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51628
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51628
    title SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_OPENSLP-101012.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53785
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53785
    title openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_OPENSLP-101012.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75689
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75689
    title openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENSLP-101013.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609). Additionally, the following non-security bugs were fixed:
      - 564504: Fix handling of DA answers if both active and passive DA detection is off.
      - 597215: Add configuration options to openSLP: net.slp.DASyncReg makes slpd query statically configured DAs for registrations; net.slp.isDABackup enables periodic writing of remote registrations to a backup file which is also read on startup. Both options can be used to decrease the time between the start of the slpd daemon and slpd knowing all registrations.
      - 601002: Reduce CPU usage spikes on machines with many connections by using the kernel netlink interface instead of reading the /proc filesystem.
      - 626444: Standard compliance was fixed by stripping leading and trailing white spaces when doing string comparisons of scopes.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50954
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50954
    title SuSE 11 Security Update : openslp (SAT Patch Number 3317)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-7561.NASL
    description openslp: denial of service vulnerability (CVE-2010-3609) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 83890
    published 2015-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83890
    title Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_OPENSLP-101012.NASL
    description The openslp daemon could run into an endless loop when receiving specially crafted packets (CVE-2010-3609).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53685
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53685
    title openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-111.NASL
    description Updated openslp packages fix security vulnerability: The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension (CVE-2010-3609).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 66123
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66123
    title Mandriva Linux Security Advisory : openslp (MDVSA-2013:111)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201707-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201707-05 (OpenSLP: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details.
      Impact: A remote attacker could possibly cause a Denial of Service condition or have other unspecified impacts.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-07-10
    plugin id 101336
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101336
    title GLSA-201707-05 : OpenSLP: Multiple vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/103443/SLPick.py.txt
id PACKETSTORM:103443
last seen 2016-12-05
published 2011-07-26
reporter Nicolas Gregoire
source https://packetstormsecurity.com/files/103443/SLP-Service-Location-Protocol-Denial-Of-Service.html
title SLP (Service Location Protocol) Denial Of Service
refmap via4
bid 46772
bugtraq 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
cert-vn VU#393783
confirm
gentoo GLSA-201707-05
mandriva
  • MDVSA-2012:141
  • MDVSA-2013:111
mlist [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
osvdb 71019
sectrack 1025168
secunia
  • 43601
  • 43742
sreason 8127
vupen
  • ADV-2011-0606
  • ADV-2011-0729
xf vmware-esxserver-slpd-dos(65931)
Last major update 16-01-2014 - 23:49
Published 11-03-2011 - 12:55
Last modified 10-10-2018 - 16:04