[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption

[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption

93186

GLSA-201707-05

https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/

45804

According to the versions of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Buffer overflow in the SLPFoldWhiteSpace function in     common/slp_compare.c in OpenSLP 2.0 allows remote     attackers to have unspecified impact via a crafted     string.(CVE-2016-7567)

  - The _xrealloc function in xlsp_xmalloc.c in OpenSLP     2.0.0 allows remote attackers to cause a denial of     service (NULL pointer dereference and crash) via a     large number of crafted packets, which triggers a     memory allocation failure.(CVE-2016-4912)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the openslp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Buffer overflow in the SLPFoldWhiteSpace function in     common/slp_compare.c in OpenSLP 2.0 allows remote     attackers to have unspecified impact via a crafted     string.(CVE-2016-7567)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openslp fixes two security issues and two bugs. The following vulnerabilities were fixed :

  - CVE-2016-4912: A remote attacker could have crashed the     server with a large number of packages (bsc#980722)

  - CVE-2016-7567: A remote attacker could cause a memory     corruption having unspecified impact (bsc#1001600) The     following bugfix changes are included :

  - bsc#994989: Removed convenience code as changes bytes in     the message buffer breaking the verification code

  - bsc#974655: Removed no longer needed slpd init file

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Fix possible overflow in SLPFoldWhiteSpace, CVE-2016-7567

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201707-05 (OpenSLP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenSLP. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly cause a Denial of Service condition or       have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

This update for openslp fixes two security issues and two bugs.

The following vulnerabilities were fixed :

  - CVE-2016-4912: A remote attacker could have crashed the     server with a large number of packages (bsc#980722)

  - CVE-2016-7567: A remote attacker could cause a memory     corruption having unspecified impact (bsc#1001600)

The following bugfix changes are included :

  - bsc#994989: Removed convenience code as changes bytes in     the message buffer breaking the verification code

  - bsc#974655: Removed no longer needed slpd init file

This update was imported from the SUSE:SLE-12:Update update project.

ID	Name	Product	Family	Severity
132176	EulerOS 2.0 SP3 : openslp (EulerOS-SA-2019-2641)	Nessus	Huawei Local Security Checks	critical
131886	EulerOS 2.0 SP2 : openslp (EulerOS-SA-2019-2394)	Nessus	Huawei Local Security Checks	critical
130638	EulerOS 2.0 SP5 : openslp (EulerOS-SA-2019-2176)	Nessus	Huawei Local Security Checks	critical
106073	SUSE SLED12 / SLES12 Security Update : openslp (SUSE-SU-2018:0100-1)	Nessus	SuSE Local Security Checks	critical
101756	Fedora 26 : openslp (2017-ffc47d48ec)	Nessus	Fedora Local Security Checks	critical
101336	GLSA-201707-05 : OpenSLP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
97903	Fedora 25 : openslp (2017-47a4910f07)	Nessus	Fedora Local Security Checks	critical
94531	openSUSE Security Update : openslp (openSUSE-2016-1262)	Nessus	SuSE Local Security Checks	critical
94349	SUSE SLED12 / SLES12 Security Update : openslp (SUSE-SU-2016:2661-1)	Nessus	SuSE Local Security Checks	critical

CVE-2016-7567

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical