← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

PublicDateAtUSN: 2011-03-11
Candidate: CVE-2010-3609
PublicDate: 2011-03-11
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
 http://lwn.net/Alerts/417755/
 http://www.kb.cert.org/vuls/id/393783
 http://www.ubuntu.com/usn/usn-1118-1
Description:
 The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other
 versions before SVN revision 1647, as used in Service Location Protocol
 daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote
 attackers to cause a denial of service (infinite loop) via a packet with a
 "next extension offset" that references this extension or a previous
 extension.  NOTE: some of these details are obtained from third party
 information.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_openslp-dfsg:
 opensuse: https://build.opensuse.org/package/view_file?file=openslp.parseext.diff&package=openslp&project=openSUSE%3A11.4&srcmd5=38039c725b8a6c1e0cdd4efdffa8bcc8
 upstream: http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647
upstream_openslp-dfsg: needs-triage
dapper_openslp-dfsg: DNE
hardy_openslp-dfsg: released (1.2.1-7.1ubuntu0.2)
karmic_openslp-dfsg: released (1.2.1-7.5ubuntu0.1)
lucid_openslp-dfsg: released (1.2.1-7.6ubuntu0.1)
maverick_openslp-dfsg: released (1.2.1-7.7ubuntu0.1)
devel_openslp-dfsg: released (1.2.1-7.8ubuntu1)

Patches_openslp:
upstream_openslp: needs-triage
dapper_openslp: released (1.2.1-5ubuntu0.2)
hardy_openslp: DNE
karmic_openslp: DNE
lucid_openslp: DNE
maverick_openslp: DNE
devel_openslp: DNE