1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
PublicDateAtUSN: 2011-03-11
Candidate: CVE-2010-3609
PublicDate: 2011-03-11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
http://lwn.net/Alerts/417755/
http://www.kb.cert.org/vuls/id/393783
http://www.ubuntu.com/usn/usn-1118-1
Description:
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other
versions before SVN revision 1647, as used in Service Location Protocol
daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote
attackers to cause a denial of service (infinite loop) via a packet with a
"next extension offset" that references this extension or a previous
extension. NOTE: some of these details are obtained from third party
information.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_openslp-dfsg:
opensuse: https://build.opensuse.org/package/view_file?file=openslp.parseext.diff&package=openslp&project=openSUSE%3A11.4&srcmd5=38039c725b8a6c1e0cdd4efdffa8bcc8
upstream: http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647
upstream_openslp-dfsg: needs-triage
dapper_openslp-dfsg: DNE
hardy_openslp-dfsg: released (1.2.1-7.1ubuntu0.2)
karmic_openslp-dfsg: released (1.2.1-7.5ubuntu0.1)
lucid_openslp-dfsg: released (1.2.1-7.6ubuntu0.1)
maverick_openslp-dfsg: released (1.2.1-7.7ubuntu0.1)
devel_openslp-dfsg: released (1.2.1-7.8ubuntu1)
Patches_openslp:
upstream_openslp: needs-triage
dapper_openslp: released (1.2.1-5ubuntu0.2)
hardy_openslp: DNE
karmic_openslp: DNE
lucid_openslp: DNE
maverick_openslp: DNE
devel_openslp: DNE
|