ID CVE-2015-5177
Summary Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
References
Vulnerable Configurations
  • cpe:2.3:a:openslp:openslp:1.2.1
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-415
CAPEC
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-304.NASL
    description Several issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force (IETF) Service Location Protocol standards protocol. CVE-2010-3609 Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a 'next extension offset'. CVE-2012-4428 Georgi Geshev discovered that an out-of-bounds read error in the SLPIntersectStringList() function could be used to cause a DoS. CVE-2015-5177 A double free in the SLPDProcessMessage() function could be used to cause openslp to crash. For Debian 6 'Squeeze', these problems have been fixed in openslp-dfsg version 1.2.1-7.8+deb6u1. We recommend that you upgrade your openslp-dfsg packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 85769
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85769
    title Debian DLA-304-1 : openslp-dfsg security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3353.NASL
    description Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85810
    published 2015-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85810
    title Debian DSA-3353-1 : openslp-dfsg - security update
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_3021178_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 3021178. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86946
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86946
    title VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_3021432_REMOTE.NASL
    description The remote VMware ESXi host is version 5.0 prior to build 3021432. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86945
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86945
    title VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2730-1.NASL
    description Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85798
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85798
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2015-0007.NASL
    description The remote VMware ESXi host is affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen 2019-02-21
    modified 2018-10-24
    plugin id 86254
    published 2015-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86254
    title VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_5_BUILD_3029944_REMOTE.NASL
    description The remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86947
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86947
    title VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)
refmap via4
bid 76635
confirm
debian DSA-3353
sectrack 1033719
vmware via4
description VMware
finder
company QIHU 360
name Qinghao Tang
id VMSA-2015-0007
last_updated 2016-06-14T00:00:00
published 2015-10-01T00:00:00
title Vmware
workaround None
Last major update 22-10-2017 - 14:29
Published 22-10-2017 - 14:29
Last modified 07-11-2017 - 08:01