openslp: SLPIntersectStringList()' Function has a DoS vulnerability

The remote host is affected by the vulnerability described in GLSA-201707-05 (OpenSLP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenSLP. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly cause a Denial of Service condition or       have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2730-1 advisory.

    Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote     attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This     issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428)

    Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker     could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force (IETF) Service Location Protocol standards protocol.

CVE-2010-3609

Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a 'next extension offset'.

CVE-2012-4428

Georgi Geshev discovered that an out-of-bounds read error in the SLPIntersectStringList() function could be used to cause a DoS.

CVE-2015-5177

A double free in the SLPDProcessMessage() function could be used to cause openslp to crash.

For Debian 6 'Squeeze', these problems have been fixed in openslp-dfsg version 1.2.1-7.8+deb6u1.

We recommend that you upgrade your openslp-dfsg packages.

Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

openslp: denial of service vulnerability (CVE-2010-3609)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
101336	GLSA-201707-05 : OpenSLP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
85798	Ubuntu 14.04 LTS : OpenSLP vulnerabilities (USN-2730-1)	Nessus	Ubuntu Local Security Checks	high
85769	Debian DLA-304-1 : openslp-dfsg security update	Nessus	Debian Local Security Checks	high
83890	Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561)	Nessus	Fedora Local Security Checks	medium
83756	SUSE SLED11 / SLES11 Security Update : OpenSLP (SUSE-SU-2015:0922-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2012-4428

high

Tenable Plugins

critical

high

high

medium

high