ID OPENVAS:1361412562310703353 Type openvas Reporter Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net Modified 2019-03-18T00:00:00
Description
Qinghao Tang of QIHU 360 discovered a
double free flaw in OpenSLP, an implementation of the IETF Service Location
Protocol. This could allow remote attackers to cause a denial of service
(crash).
# OpenVAS Vulnerability Test
# $Id: deb_3353.nasl 14275 2019-03-18 14:39:45Z cfischer $
# Auto-generated from advisory DSA 3353-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Description phase: when `description` is set, the script only registers the
# metadata below and exits; none of the package checks after this block run.
if(description)
{
# Identity of this check and the CVE it reports on.
script_oid("1.3.6.1.4.1.25623.1.0.703353");
script_version("$Revision: 14275 $");
script_cve_id("CVE-2015-5177");
script_name("Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)");
script_tag(name:"last_modification", value:"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $");
script_tag(name:"creation_date", value:"2015-09-05 00:00:00 +0200 (Sat, 05 Sep 2015)");
# Severity as a CVSS v2 base score and vector: network-reachable, no
# authentication, partial availability impact only. This matches the
# denial-of-service wording of the "summary" tag below.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"solution_type", value:"VendorFix");
# The result is derived from installed package versions (see "vuldetect"),
# not from probing the SLP service itself.
script_tag(name:"qod_type", value:"package");
script_xref(name:"URL", value:"http://www.debian.org/security/2015/dsa-3353.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net");
script_family("Debian Local Security Checks");
# Scheduling: gather-package-list.nasl is declared as a dependency, and the script
# requires the SSH login keys plus a release key matching DEB7.
# NOTE(review): presumably these keys are only populated after an authenticated
# SSH login, so a scan without working credentials yields no result from this
# script -- that silence is not evidence that the host is patched. Confirm
# against gather-package-list.nasl.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
script_tag(name:"affected", value:"openslp-dfsg on Debian Linux");
# NOTE(review): the solution text names fixed versions for wheezy, jessie and sid,
# but the mandatory key above and the isdpkgvuln() calls after this block only
# cover release DEB7. Hosts on the other releases are not evaluated by this script.
script_tag(name:"solution", value:"For the oldstable distribution (wheezy),
this problem has been fixed in version 1.2.1-9+deb7u1.
For the stable distribution (jessie), this problem has been fixed in
version 1.2.1-10+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 1.2.1-11.
We recommend that you upgrade your openslp-dfsg packages.");
script_tag(name:"summary", value:"Qinghao Tang of QIHU 360 discovered a
double free flaw in OpenSLP, an implementation of the IETF Service Location
Protocol. This could allow remote attackers to cause a denial of service
(crash).");
script_tag(name:"vuldetect", value:"This check tests the installed software
version using the apt package manager.");
# Metadata registered; stop here so the check logic is skipped in this phase.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Package check for DSA 3353-1: each listed package is passed to isdpkgvuln()
# together with the fixed wheezy version, and every non-NULL result is appended
# to the report in list order.
# Only release "DEB7" is tested here; other Debian releases are not evaluated
# by this script.
fixed_ver = "1.2.1-9+deb7u1";
res = "";
report = "";

foreach pkg_name (make_list("libslp-dev", "libslp1", "openslp-doc", "slpd", "slptool")) {
  res = isdpkgvuln(pkg:pkg_name, ver:fixed_ver, rls:"DEB7");
  if(res != NULL) {
    report += res;
  }
}

# An empty report means no call returned a finding.
# NOTE(review): __pkg_match is not defined in this file; presumably
# pkg-lib-deb.inc sets it when a listed package is installed, so exit(99) is
# only reached when something was actually compared -- confirm in the include.
if(report == "") {
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:1361412562310703353", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)", "description": "Qinghao Tang of QIHU 360 discovered a\ndouble free flaw in OpenSLP, an implementation of the IETF Service Location\nProtocol. This could allow remote attackers to cause a denial of service\n(crash).", "published": "2015-09-05T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703353", "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2015/dsa-3353.html"], "cvelist": ["CVE-2015-5177"], "lastseen": "2019-05-29T18:36:35", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5177"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3353-1:3C611", "DEBIAN:DLA-304-1:F9879"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105394", "OPENVAS:1361412562310105393", "OPENVAS:1361412562310842427", "OPENVAS:703353", "OPENVAS:1361412562310105395"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14686", "SECURITYVULNS:DOC:32504"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3353.NASL", "VMWARE_ESXI_5_1_BUILD_3021178_REMOTE.NASL", "VMWARE_ESXI_5_0_BUILD_3021432_REMOTE.NASL", "DEBIAN_DLA-304.NASL", "UBUNTU_USN-2730-1.NASL", "VMWARE_ESXI_5_5_BUILD_3029944_REMOTE.NASL", "VMWARE_VMSA-2015-0007.NASL"]}, {"type": "ubuntu", "idList": ["USN-2730-1"]}, {"type": "vmware", "idList": ["VMSA-2015-0007"]}], "modified": "2019-05-29T18:36:35", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T18:36:35", "rev": 2}, "vulnersScore": 4.9}, "pluginID": "1361412562310703353", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3353.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3353-1 using nvtgen 1.0\n# Script 
version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703353\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-5177\");\n script_name(\"Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-05 00:00:00 +0200 (Sat, 05 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3353.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openslp-dfsg on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 1.2.1-9+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.1-11.\n\nWe recommend that you upgrade your openslp-dfsg packages.\");\n script_tag(name:\"summary\", value:\"Qinghao Tang of QIHU 360 discovered a\ndouble free flaw in OpenSLP, an implementation of the IETF Service Location\nProtocol. This could allow remote attackers to cause a denial of service\n(crash).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libslp-dev\", ver:\"1.2.1-9+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-9+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openslp-doc\", ver:\"1.2.1-9+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"slpd\", ver:\"1.2.1-9+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"slptool\", ver:\"1.2.1-9+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:21:26", "description": "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-22T18:29:00", "title": "CVE-2015-5177", "type": "cve", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5177"], "modified": "2017-11-07T13:01:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:openslp:openslp:1.2.1"], "id": "CVE-2015-5177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5177", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-11-13T12:53:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5177"], "description": "Qinghao Tang of QIHU 360 discovered a\ndouble free flaw in OpenSLP, an implementation 
of the IETF Service Location\nProtocol. This could allow remote attackers to cause a denial of service\n(crash).", "modified": "2017-11-13T00:00:00", "published": "2015-09-05T00:00:00", "id": "OPENVAS:703353", "href": "http://plugins.openvas.org/nasl.php?oid=703353", "type": "openvas", "title": "Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3353.nasl 7739 2017-11-13 05:04:18Z teissa $\n# Auto-generated from advisory DSA 3353-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703353);\n script_version(\"$Revision: 7739 $\");\n script_cve_id(\"CVE-2015-5177\");\n script_name(\"Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-11-13 06:04:18 +0100 (Mon, 13 Nov 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-05 00:00:00 +0200 (Sat, 05 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3353.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openslp-dfsg on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 1.2.1-9+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.1-11.\n\nWe recommend that you upgrade your openslp-dfsg packages.\");\n script_tag(name: \"summary\", value: \"Qinghao Tang of QIHU 360 discovered a\ndouble free flaw in OpenSLP, an implementation of the IETF Service Location\nProtocol. 
This could allow remote attackers to cause a denial of service\n(crash).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libslp-dev\", ver:\"1.2.1-9+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-9+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openslp-doc\", ver:\"1.2.1-9+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slpd\", ver:\"1.2.1-9+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slptool\", ver:\"1.2.1-9+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-12-19T16:05:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4428", "CVE-2015-5177"], "description": "The remote host is missing an update for the ", "modified": "2019-12-18T00:00:00", "published": "2015-09-04T00:00:00", "id": "OPENVAS:1361412562310842427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842427", "type": "openvas", "title": "Ubuntu Update for openslp-dfsg USN-2730-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openslp-dfsg USN-2730-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842427\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-09-04 08:15:21 +0200 (Fri, 04 Sep 2015)\");\n script_cve_id(\"CVE-2012-4428\", \"CVE-2015-5177\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openslp-dfsg USN-2730-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openslp-dfsg'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Georgi Geshev discovered that OpenSLP\nincorrectly handled processing certain service requests. A remote attacker\ncould possibly use this issue to cause OpenSLP to crash, resulting in a denial\nof service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2012-4428)\n\nQinghao Tang discovered that OpenSLP incorrectly handled processing certain\nmessages. 
A remote attacker could possibly use this issue to cause\nOpenSLP to crash, resulting in a denial of service. (CVE-2015-5177)\");\n script_tag(name:\"affected\", value:\"openslp-dfsg on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2730-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2730-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-9ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.8ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "description": "VMware vCenter Server JMX RMI Remote Code Execution / vpxd denial-of-service vulnerability", "modified": "2018-09-06T00:00:00", "published": "2015-10-05T00:00:00", "id": "OPENVAS:1361412562310105395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105395", "type": "openvas", "title": 
"VMSA-2015-0007 VMware vCenter Server Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2015_0007.nasl 11259 2018-09-06 08:28:49Z mmartin $\n#\n# VMSA-2015-0007 VMware vCenter Server Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105395\");\n script_cve_id(\"CVE-2015-5177\", \"CVE-2015-2342\", \"CVE-2015-1047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11259 $\");\n script_name(\"VMSA-2015-0007 VMware vCenter Server Multiple Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n\n script_tag(name:\"insight\", value:\"Mware ESXi OpenSLP Remote Code Execution\nVMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. 
Exploitation of this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host.\n\nVMware vCenter Server JMX RMI Remote Code Execution\nVMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server.\n\nVMware vCenter Server vpxd denial-of-service vulnerability\nVMware vCenter Server does not properly sanitize long heartbeat messages. Exploitation of this issue may allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vCenter Server JMX RMI Remote Code Execution / vpxd denial-of-service vulnerability\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.5 without patch ESXi550-201509101\nVMware ESXi 5.1 without patch ESXi510-201510101\nVMware ESXi 5.0 without patch ESXi500-201510101\n\nVMware vCenter Server 6.0 prior to version 6.0 update 1\nVMware vCenter Server 5.5 prior to version 5.5 update 3\nVMware vCenter Server 5.1 prior to version 5.1 update u3b\nVMware vCenter Server 5.0 prior to version 5.u update u3e\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-06 10:28:49 +0200 (Thu, 06 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-05 11:16:27 +0200 (Mon, 05 Oct 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n exit(0);\n\n}\ninclude(\"vmware_esx.inc\");\n\nif ( ! 
vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nfixed_builds = make_array( \"5.0.0\",\"3073236\",\n \"5.1.0\",\"3070521\",\n \"5.5.0\",\"3000241\",\n \"6.0.0\",\"3040890\");\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "description": "VMware vCenter and ESXi updates address critical security issues.", "modified": "2018-10-12T00:00:00", "published": "2015-10-05T00:00:00", "id": "OPENVAS:1361412562310105394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105394", "type": "openvas", "title": "VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution (remote check)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2015-0007_remote.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution (remote check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105394\");\n script_cve_id(\"CVE-2015-5177\", \"CVE-2015-2342\", \"CVE-2015-1047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11872 $\");\n\n script_name(\"VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution (remote check)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n\n script_tag(name:\"insight\", value:\"VMware ESXi OpenSLP Remote Code Execution\nVMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host.\n\nVMware vCenter Server JMX RMI Remote Code Execution\nVMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server.\n\nVMware vCenter Server vpxd denial-of-service vulnerability\nVMware vCenter Server does not properly sanitize long heartbeat messages. 
Exploitation of this issue may allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vCenter and ESXi updates address critical security issues.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.5 without patch ESXi550-201509101\nVMware ESXi 5.1 without patch ESXi510-201510101\nVMware ESXi 5.0 without patch ESXi500-201510101\n\nVMware vCenter Server 6.0 prior to version 6.0 update 1\nVMware vCenter Server 5.5 prior to version 5.5 update 3\nVMware vCenter Server 5.1 prior to version 5.1 update u3b\nVMware vCenter Server 5.0 prior to version 5.u update u3e\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-05 10:47:03 +0200 (Mon, 05 Oct 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.0.0\", \"3021432\",\n \"5.1.0\", \"3021178\",\n \"5.5.0\", \"3029944\");\n\n\nif( ! 
fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion] ) );\n exit(0);\n}\n\nexit( 99 );\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-19T16:05:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "description": "VMware vCenter and ESXi updates address critical security issues.", "modified": "2019-12-18T00:00:00", "published": "2015-10-05T00:00:00", "id": "OPENVAS:1361412562310105393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105393", "type": "openvas", "title": "VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105393\");\n script_cve_id(\"CVE-2015-5177\", \"CVE-2015-2342\", \"CVE-2015-1047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"insight\", value:\"- VMware ESXi OpenSLP Remote Code Execution\n\n VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of\n this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host.\n\n - VMware vCenter Server JMX RMI Remote Code Execution\n\n VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured.\n An unauthenticated remote attacker that is able to connect to the service may be able use it to execute\n arbitrary code on the vCenter server.\n\n - VMware vCenter Server vpxd denial-of-service vulnerability\n\n VMware vCenter Server does not properly sanitize long heartbeat messages. 
Exploitation of this issue may\n allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vCenter and ESXi updates address critical security issues.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.5 without patch ESXi550-201509101\n\n VMware ESXi 5.1 without patch ESXi510-201510101\n\n VMware ESXi 5.0 without patch ESXi500-201510101\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-10-05 10:37:34 +0200 (Mon, 05 Oct 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.0.0\", \"VIB:esx-base:5.0.0-3.70.3088986\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-3.57.3021178\",\n \"5.5.0\", \"VIB:esx-base:5.5.0-2.65.3029837\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-5177"], "description": "No description provided", "edition": 1, "modified": "2015-09-14T00:00:00", "published": "2015-09-14T00:00:00", "id": 
"SECURITYVULNS:VULN:14686", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14686", "title": "OpenSLP double free() vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5177"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3353-1 security@debian.org\r\nhttps://www.debian.org/security/ Alessandro Ghedini\r\nSeptember 05, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : openslp-dfsg\r\nCVE ID : CVE-2015-5177\r\nDebian Bug : 795429\r\n\r\nQinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\r\nimplementation of the IETF Service Location Protocol. This could allow\r\nremote attackers to cause a denial of service (crash).\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 1.2.1-9+deb7u1.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 1.2.1-10+deb8u1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.2.1-11.\r\n\r\nWe recommend that you upgrade your openslp-dfsg packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\niQIcBAEBCgAGBQJV6v81AAoJEK+lG9bN5XPLCZEQAIqcadDeke6OIXqgMglx9j/V\r\nF4f1+kuaETjjNJDZ0/+1Hz7X7PA6CsWzyLeOuXd6UKQAiyeSg9IedFahlt8gQvCw\r\nzSVxXo12c//OG4bVG2q8bKRpPLp7/BtT6FUTmKKdSY5+zxJNPjZxa8KqF3cq5qZu\r\nHhrpJObetJZbzZp5TxWHJnv1cSS0zazv6eADDkutOcWV8H/+ifBBKyxdYIkFt5//\r\nQ1pooWwTJSzsN9yUp+r7jCI5vO9QeboH2nIt/LKRmZ3f24jkT7Q9oIkty0BPXY+j\r\nVoI2bDNofQPXXee+hVwVAMbL3BfrugZd2aR9QDPgwWGNBVJ/Dxu4+ohwVyZQcNE3\r\nfxYGDdh5piixfter916zorgveTNhKsz4FASbO7XOu1vhTIsawmAYESN90fhdpG1O\r\nMgrtYD3F7rOwdjF/CNjSJCW7IVqcxqGzZBA4luecZIB71GY4QXUxQjMNjawsnLV/\r\nVTgN47/KiSPSFUItLmBamds7kMt+vFW2ytj0iyBS+jYq9aLLKKCf50+mxs+hs6j0\r\n1yg//tv7ln5aW9573Z3i94jaaZqGBnwYyp+tSgMVtHfMXpT8V74G7WN9FNkWfy9a\r\nFg6zfakSRA6zYAHPRJ58Ndp5OKonUvwjVIY5ma1Q87C8CRXt8pEOW7zlLfBRbnwH\r\nnPXHGVSY8QG4Bg+w3Ljj\r\n=FB78\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-09-14T00:00:00", "published": "2015-09-14T00:00:00", "id": "SECURITYVULNS:DOC:32504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32504", "title": "[SECURITY] [DSA 3353-1] openslp-dfsg security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T09:49:14", "description": "Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\nimplementation of the IETF Service Location Protocol. 
This could allow\nremote attackers to cause a denial of service (crash).", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-09-08T00:00:00", "title": "Debian DSA-3353-1 : openslp-dfsg - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5177"], "modified": "2015-09-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openslp-dfsg", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3353.NASL", "href": "https://www.tenable.com/plugins/nessus/85810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3353. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85810);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5177\");\n script_xref(name:\"DSA\", value:\"3353\");\n\n script_name(english:\"Debian DSA-3353-1 : openslp-dfsg - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\nimplementation of the IETF Service Location Protocol. 
This could allow\nremote attackers to cause a denial of service (crash).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openslp-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openslp-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3353\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openslp-dfsg packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.2.1-9+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openslp-dfsg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libslp-dev\", reference:\"1.2.1-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libslp1\", reference:\"1.2.1-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openslp-doc\", reference:\"1.2.1-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"slpd\", reference:\"1.2.1-9+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"slptool\", reference:\"1.2.1-9+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libslp-dev\", reference:\"1.2.1-10+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libslp1\", reference:\"1.2.1-10+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openslp-doc\", reference:\"1.2.1-10+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"slpd\", reference:\"1.2.1-10+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"slptool\", reference:\"1.2.1-10+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T15:29:03", "description": "Georgi Geshev discovered that OpenSLP incorrectly handled processing\ncertain service requests. 
A remote attacker could possibly use this\nissue to cause OpenSLP to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2012-4428)\n\nQinghao Tang discovered that OpenSLP incorrectly handled processing\ncertain messages. A remote attacker could possibly use this issue to\ncause OpenSLP to crash, resulting in a denial of service.\n(CVE-2015-5177).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-09-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4428", "CVE-2015-5177"], "modified": "2015-09-04T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libslp1", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2730-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2730-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85798);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4428\", \"CVE-2015-5177\");\n script_xref(name:\"USN\", value:\"2730-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Georgi Geshev discovered that OpenSLP incorrectly handled processing\ncertain service requests. A remote attacker could possibly use this\nissue to cause OpenSLP to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2012-4428)\n\nQinghao Tang discovered that OpenSLP incorrectly handled processing\ncertain messages. A remote attacker could possibly use this issue to\ncause OpenSLP to crash, resulting in a denial of service.\n(CVE-2015-5177).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2730-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libslp1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libslp1\", pkgver:\"1.2.1-7.8ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libslp1\", pkgver:\"1.2.1-9ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libslp1\", pkgver:\"1.2.1-10ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libslp1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:43:37", "description": "Several issues have been found and solved in OpenSLP, that implements\nthe Internet Engineering Task Force (IETF) Service Location Protocol\nstandards protocol.\n\nCVE-2010-3609\n\nRemote attackers could cause a Denial of Service in the Service\nLocation Protocol daemon (SLPD) via a crafted packet 
with a 'next\nextension offset'.\n\nCVE-2012-4428\n\nGeorgi Geshev discovered that an out-of-bounds read error in the\nSLPIntersectStringList() function could be used to cause a DoS.\n\nCVE-2015-5177\n\nA double free in the SLPDProcessMessage() function could be used to\ncause openslp to crash.\n\nFor Debian 6 'Squeeze', these problems have been fixed in openslp-dfsg\nversion 1.2.1-7.8+deb6u1.\n\nWe recommend that you upgrade your openslp-dfsg packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-09-04T00:00:00", "title": "Debian DLA-304-1 : openslp-dfsg security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609", "CVE-2012-4428", "CVE-2015-5177"], "modified": "2015-09-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:slptool", "p-cpe:/a:debian:debian_linux:libslp1", "p-cpe:/a:debian:debian_linux:libslp-dev", "p-cpe:/a:debian:debian_linux:openslp-doc", "p-cpe:/a:debian:debian_linux:slpd"], "id": "DEBIAN_DLA-304.NASL", "href": "https://www.tenable.com/plugins/nessus/85769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-304-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85769);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3609\", \"CVE-2012-4428\", \"CVE-2015-5177\");\n script_bugtraq_id(46772, 55540);\n\n script_name(english:\"Debian DLA-304-1 : openslp-dfsg security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found and solved in OpenSLP, that implements\nthe Internet Engineering Task Force (IETF) Service Location Protocol\nstandards protocol.\n\nCVE-2010-3609\n\nRemote attackers could cause a Denial of Service in the Service\nLocation Protocol daemon (SLPD) via a crafted packet with a 'next\nextension offset'.\n\nCVE-2012-4428\n\nGeorgi Geshev discovered that an out-of-bounds read error in the\nSLPIntersectStringList() function could be used to cause a DoS.\n\nCVE-2015-5177\n\nA double free in the SLPDProcessMessage() function could be used to\ncause openslp to crash.\n\nFor Debian 6 'Squeeze', these problems have been fixed in openslp-dfsg\nversion 1.2.1-7.8+deb6u1.\n\nWe recommend that you upgrade your openslp-dfsg packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openslp-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/LTS/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libslp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openslp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:slpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:slptool\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libslp-dev\", reference:\"1.2.1-7.8+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libslp1\", reference:\"1.2.1-7.8+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openslp-doc\", reference:\"1.2.1-7.8+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"slpd\", reference:\"1.2.1-7.8+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"slptool\", reference:\"1.2.1-7.8+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T15:21:39", "description": "The remote VMware ESXi host is affected by a remote code execution\nvulnerability due to a double-free error in the SLPDProcessMessage()\nfunction in OpenSLP. 
An unauthenticated, remote attacker can exploit\nthis, via a crafted package, to execute arbitrary code or cause a\ndenial of service condition.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-10-03T00:00:00", "title": "VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "modified": "2015-10-03T00:00:00", "cpe": ["cpe:/o:vmware:esxi:6.5", "cpe:/o:vmware:esxi:6.0", "cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.5", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esxi:6.7"], "id": "VMWARE_VMSA-2015-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/86254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2015-0007. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86254);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1047\", \"CVE-2015-2342\", \"CVE-2015-5177\");\n script_xref(name:\"VMSA\", value:\"2015-0007\");\n\n script_name(english:\"VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote VMware ESXi host is affected by a remote code execution\nvulnerability due to a double-free error in the SLPDProcessMessage()\nfunction in OpenSLP. 
An unauthenticated, remote attacker can exploit\nthis, via a crafted package, to execute arbitrary code or cause a\ndenial of service condition.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2016/000333.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.vmware.com/security/advisories/VMSA-2015-0007.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java JMX Server Insecure Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/03\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2015-10-01\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-3.70.3088986\")) flag++;\n\nif (esx_check(ver:\"ESXi 5.1\", vib:\"VMware:esx-base:5.1.0-3.57.3021178\")) flag++;\n\nif (esx_check(ver:\"ESXi 5.5\", vib:\"VMware:esx-base:5.5.0-2.65.3029837\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:esx-base:6.0.0-3.87.8934903\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsan:6.0.0-3.87.8155259\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsanhealth:6.0.0-3000000.3.0.3.87.8155260\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-base:6.5.0-2.54.8935087\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-tboot:6.5.0-2.54.8935087\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsan:6.5.0-2.54.8359236\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsanhealth:6.5.0-2.54.8359237\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:esx-base:6.7.0-0.14.8941472\")) flag++;\nif (esx_check(ver:\"ESXi 6.7\", vib:\"VMware:vsan:6.7.0-0.14.8941472\")) flag++;\nif 
(esx_check(ver:\"ESXi 6.7\", vib:\"VMware:vsanhealth:6.7.0-0.14.8941472\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:48:54", "description": "The remote VMware ESXi host is version 5.5 prior to build 3029944. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.", "edition": 28, "cvss3": {"score": 8.6, "vector": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2015-11-19T00:00:00", "title": "VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_5_BUILD_3029944_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/86947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86947);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-1047\", \"CVE-2015-2342\", \"CVE-2015-5177\");\n script_bugtraq_id(76635, 76930, 76932);\n script_xref(name:\"VMSA\", value:\"2015-0007\");\n script_xref(name:\"ZDI\", value:\"ZDI-15-455\");\n\n script_name(english:\"VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is affected by a remote code execution\nvulnerability.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.5 prior to build 3029944. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-455/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi550-201509101-SG for ESXi 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2342\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java JMX Server Insecure Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.5\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.5\");\n\nmatch = pregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 3029944;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:48:44", "description": "The remote VMware ESXi host is version 5.0 prior to build 3021432. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. 
An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.", "edition": 28, "cvss3": {"score": 8.6, "vector": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2015-11-19T00:00:00", "title": "VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_0_BUILD_3021432_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/86945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86945);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-1047\", \"CVE-2015-2342\", \"CVE-2015-5177\");\n script_bugtraq_id(76635, 76930, 76932);\n script_xref(name:\"VMSA\", value:\"2015-0007\");\n script_xref(name:\"ZDI\", value:\"ZDI-15-455\");\n\n script_name(english:\"VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.0 prior to build 3021432. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. 
An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-455/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201510101-SG for ESXi 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2342\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java JMX Server Insecure Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = pregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 3021432;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:48:52", "description": "The remote VMware ESXi host is version 5.1 prior to build 3021178. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. 
An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.", "edition": 28, "cvss3": {"score": 8.6, "vector": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2015-11-19T00:00:00", "title": "VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_1_BUILD_3021178_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/86946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86946);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-1047\", \"CVE-2015-2342\", \"CVE-2015-5177\");\n script_bugtraq_id(76635, 76930, 76932);\n script_xref(name:\"VMSA\", value:\"2015-0007\");\n script_xref(name:\"ZDI\", value:\"ZDI-15-455\");\n\n script_name(english:\"VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 3021178. It\nis, therefore, affected by a remote code execution vulnerability due\nto a double-free error in the SLPDProcessMessage() function in\nOpenSLP. 
An unauthenticated, remote attacker can exploit this, via a\ncrafted package, to execute arbitrary code or cause a denial of\nservice condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2015-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-455/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi510-201510101-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2342\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java JMX Server Insecure Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = pregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 3021178;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:51:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5177"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3353-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nSeptember 05, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openslp-dfsg\nCVE ID : CVE-2015-5177\nDebian Bug : 795429\n\nQinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\nimplementation of the IETF Service Location Protocol. 
This could allow\nremote attackers to cause a denial of service (crash).\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.2.1-9+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.1-11.\n\nWe recommend that you upgrade your openslp-dfsg packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2015-09-05T14:42:17", "published": "2015-09-05T14:42:17", "id": "DEBIAN:DSA-3353-1:3C611", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00252.html", "title": "[SECURITY] [DSA 3353-1] openslp-dfsg security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:25:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3609", "CVE-2012-4428", "CVE-2015-5177"], "description": "Package : openslp-dfsg\nVersion : 1.2.1-7.8+deb6u1\nCVE ID : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177\nDebian Bug : 623551 687597 795429\n\nSeveral issues have been found and fixed in OpenSLP, which implements the\nInternet Engineering Task Force (IETF) Service Location Protocol\nstandard.\n\nCVE-2010-3609\n\n Remote attackers could cause a Denial of Service in the Service Location\n Protocol daemon (SLPD) via a crafted packet with a "next extension offset".\n\nCVE-2012-4428\n\n Georgi Geshev discovered that an out-of-bounds read error in the\n SLPIntersectStringList() function could be used to cause a DoS.\n\nCVE-2015-5177\n\n A double free in the SLPDProcessMessage() function could be used to cause\n openslp to crash.\n\nFor Debian 6 "Squeeze", these problems have been fixed in 
openslp-dfsg\nversion 1.2.1-7.8+deb6u1.\n\nWe recommend that you upgrade your openslp-dfsg packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n", "edition": 7, "modified": "2015-09-03T07:43:26", "published": "2015-09-03T07:43:26", "id": "DEBIAN:DLA-304-1:F9879", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00000.html", "title": "[SECURITY] [DLA 304-1] openslp-dfsg security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4428", "CVE-2015-5177"], "description": "Georgi Geshev discovered that OpenSLP incorrectly handled processing \ncertain service requests. A remote attacker could possibly use this issue \nto cause OpenSLP to crash, resulting in a denial of service. This issue \nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428)\n\nQinghao Tang discovered that OpenSLP incorrectly handled processing certain \nmessages. A remote attacker could possibly use this issue to cause \nOpenSLP to crash, resulting in a denial of service. (CVE-2015-5177)", "edition": 5, "modified": "2015-09-03T00:00:00", "published": "2015-09-03T00:00:00", "id": "USN-2730-1", "href": "https://ubuntu.com/security/notices/USN-2730-1", "title": "OpenSLP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2342", "CVE-2015-1047", "CVE-2015-5177"], "description": "a. VMware ESXi OpenSLP Remote Code Execution\n\nVMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. 
Exploitation of this issue may allow an unauthenticated attacker to remotely execute code on the ESXi host.\n\nVMware would like to thank Qinghao Tang of QIHU 360 for reporting this issue to us.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-5177 to this issue.\n\nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 9, "modified": "2018-08-07T00:00:00", "published": "2015-10-01T00:00:00", "id": "VMSA-2015-0007", "href": "https://www.vmware.com/security/advisories/VMSA-2015-0007.html", "title": "VMware vCenter and ESXi updates address critical security issues.", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}