CVE-2010-3609

medium

Description

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

References

http://lists.vmware.com/pipermail/security-announce/2011/000126.html

http://secunia.com/advisories/43601

http://secunia.com/advisories/43742

http://securityreason.com/securityalert/8127

http://securitytracker.com/id?1025168

http://www.kb.cert.org/vuls/id/393783

http://www.mandriva.com/security/advisories?name=MDVSA-2012:141

http://www.mandriva.com/security/advisories?name=MDVSA-2013:111

http://www.osvdb.org/71019

http://www.securityfocus.com/archive/1/516909/100/0/threaded

http://www.securityfocus.com/bid/46772

http://www.vmware.com/security/advisories/VMSA-2011-0004.html

http://www.vupen.com/english/advisories/2011/0606

http://www.vupen.com/english/advisories/2011/0729

https://exchange.xforce.ibmcloud.com/vulnerabilities/65931

https://security.gentoo.org/glsa/201707-05

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227

Details

Source: MITRE

Published: 2011-03-11

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 101336 | GLSA-201707-05 : OpenSLP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 89675 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check) | Nessus | Misc. | high |
| 85769 | Debian DLA-304-1 : openslp-dfsg security update | Nessus | Debian Local Security Checks | high |
| 83890 | Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561) | Nessus | Fedora Local Security Checks | medium |
| 75689 | openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1) | Nessus | SuSE Local Security Checks | medium |
| 66123 | Mandriva Linux Security Advisory : openslp (MDVSA-2013:111) | Nessus | Mandriva Local Security Checks | medium |
| 61986 | Mandriva Linux Security Advisory : openslp (MDVSA-2012:141) | Nessus | Mandriva Local Security Checks | medium |
| 55076 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openslp, openslp-dfsg vulnerability (USN-1118-1) | Nessus | Ubuntu Local Security Checks | medium |
| 53785 | openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1) | Nessus | SuSE Local Security Checks | medium |
| 53685 | openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1) | Nessus | SuSE Local Security Checks | medium |
| 52582 | VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm. | Nessus | VMware ESX Local Security Checks | high |
| 51628 | SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312) | Nessus | SuSE Local Security Checks | medium |
| 50954 | SuSE 11 Security Update : openslp (SAT Patch Number 3317) | Nessus | SuSE Local Security Checks | medium |
| 50842 | SuSE 10 Security Update : openslp (ZYPP Patch Number 7187) | Nessus | SuSE Local Security Checks | medium |