ID CVE-2019-5544
Summary OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:horizon_daas:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_daas:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_daas:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_daas:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openslp:openslp:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openslp:openslp:2.0.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-05-2020 - 00:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1777788
    title CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment openslp is earlier than 1:2.0.0-8.el7_7
            oval oval:com.redhat.rhsa:tst:20194240001
          • comment openslp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240002
        • AND
          • comment openslp-devel is earlier than 1:2.0.0-8.el7_7
            oval oval:com.redhat.rhsa:tst:20194240003
          • comment openslp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240004
        • AND
          • comment openslp-server is earlier than 1:2.0.0-8.el7_7
            oval oval:com.redhat.rhsa:tst:20194240005
          • comment openslp-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240006
    rhsa
    id RHSA-2019:4240
    released 2019-12-16
    severity Critical
    title RHSA-2019:4240: openslp security update (Critical)
  • bugzilla
    id 1777788
    title CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment openslp is earlier than 1:2.0.0-4.el6_10
            oval oval:com.redhat.rhsa:tst:20200199001
          • comment openslp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240002
        • AND
          • comment openslp-devel is earlier than 1:2.0.0-4.el6_10
            oval oval:com.redhat.rhsa:tst:20200199003
          • comment openslp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240004
        • AND
          • comment openslp-server is earlier than 1:2.0.0-4.el6_10
            oval oval:com.redhat.rhsa:tst:20200199005
          • comment openslp-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20182240006
    rhsa
    id RHSA-2020:0199
    released 2020-01-22
    severity Critical
    title RHSA-2020:0199: openslp security update (Critical)
rpms
  • openslp-1:2.0.0-8.el7_7
  • openslp-debuginfo-1:2.0.0-8.el7_7
  • openslp-devel-1:2.0.0-8.el7_7
  • openslp-server-1:2.0.0-8.el7_7
  • openslp-1:2.0.0-4.el6_10
  • openslp-debuginfo-1:2.0.0-4.el6_10
  • openslp-devel-1:2.0.0-4.el6_10
  • openslp-server-1:2.0.0-4.el6_10
refmap via4
confirm http://www.vmware.com/security/advisories/VMSA-2019-0022.html
fedora
  • FEDORA-2019-1e5ae33e87
  • FEDORA-2019-86bceb61b3
gentoo GLSA-202005-12
mlist
  • [oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
  • [oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability
Last major update 15-05-2020 - 00:15
Published 06-12-2019 - 16:15
Last modified 15-05-2020 - 00:15
Back to Top