7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.4%
Package : openslp-dfsg
Version : 1.2.1-7.8+deb6u1
CVE ID : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177
Debian Bug : 623551 687597 795429
Several issues have been found and solved in OpenSLP, that implements the
Internet Engineering Task Force (IETF) Service Location Protocol standards
protocol.
CVE-2010-3609
Remote attackers could cause a Denial of Service in the Service Location
Protocol daemon (SLPD) via a crafted packet with a "next extension offset".
CVE-2012-4428
Georgi Geshev discovered that an out-of-bounds read error in the
SLPIntersectStringList() function could be used to cause a DoS.
CVE-2015-5177
A double free in the SLPDProcessMessage() function could be used to cause
openslp to crash.
For Debian 6 "Squeeze", these problems have been fixed in openslp-dfsg
version 1.2.1-7.8+deb6u1.
We recommend that you upgrade your openslp-dfsg packages.
Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | slptool | < 1.2.1-7.8+deb6u1 | slptool_1.2.1-7.8+deb6u1_amd64.deb |
Debian | 7 | mipsel | libslp1 | < 1.2.1-9+deb7u1 | libslp1_1.2.1-9+deb7u1_mipsel.deb |
Debian | 8 | armel | libslp-dev | < 1.2.1-10+deb8u1 | libslp-dev_1.2.1-10+deb8u1_armel.deb |
Debian | 8 | all | openslp-doc | < 1.2.1-10+deb8u1 | openslp-doc_1.2.1-10+deb8u1_all.deb |
Debian | 7 | powerpc | slptool | < 1.2.1-9+deb7u1 | slptool_1.2.1-9+deb7u1_powerpc.deb |
Debian | 6 | i386 | slptool | < 1.2.1-7.8+deb6u1 | slptool_1.2.1-7.8+deb6u1_i386.deb |
Debian | 8 | ppc64el | slptool | < 1.2.1-10+deb8u1 | slptool_1.2.1-10+deb8u1_ppc64el.deb |
Debian | 8 | armhf | slptool | < 1.2.1-10+deb8u1 | slptool_1.2.1-10+deb8u1_armhf.deb |
Debian | 8 | amd64 | slptool | < 1.2.1-10+deb8u1 | slptool_1.2.1-10+deb8u1_amd64.deb |
Debian | 7 | i386 | slpd | < 1.2.1-9+deb7u1 | slpd_1.2.1-9+deb7u1_i386.deb |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.4%