Medium Nessus Plugin ID 17325
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:015 (openslp).
The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP).
SLP is used by Desktops to locate certain services such as printers and by servers to announce their services.
During the audit, various buffer overflows and out of bounds memory access have been fixed which can be triggered by remote attackers by sending malformed SLP packets.