
421 matches found

Trellix
added 2023/03/01 12:0 a.m., 50 views

The Bug Report – February 2023 Edition

The Bug Report – February 2023 Edition By Trellix · March 1, 2023 This story was also written by Sam Quinn. Figure 1: Ironic. It could protect other devices from threats, but not itself. Why am I here? Welcome back to the Bug Report! For those in the audience unfamiliar with our shtick, we compil...

9.8 CVSS, 9.2 AI score, 0.99815 EPSS
Exploits 24
F5 Networks
added 2023/02/21 8:2 p.m., 35 views

K13314257: slpd vulnerability CVE-2017-17833

Security Advisory Description OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. CVE-2017-17833 Impact There is no impact; F5 products are not affected by this...

9.8 CVSS, 8.2 AI score, 0.0389 EPSS
Exploits 0
IBM Security Bulletins
added 2023/02/18 1:45 a.m., 44 views

Security Bulletin: A vulnerability in OpenSLP affects the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSLP to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of this vulnerability CVE-2017-17833 could make the system susceptible to a denial of service due to a corruption of heap memory by a remote attacker. Vulnerability Detai...

9.8 CVSS, 9.7 AI score, 0.0389 EPSS
Exploits 0, Affected Software 1
SUSE CVE
added 2023/02/15 5:44 a.m., 2 views

SUSE CVE-2012-4428

openslp: 'SLPIntersectStringList' function has a DoS vulnerability...

7.5 CVSS, 7 AI score, 0.09573 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 5:16 a.m., 3 views

SUSE CVE-2015-5177

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpdknownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package...

7.5 CVSS, 6.8 AI score, 0.0631 EPSS
Exploits 1, References 3
SUSE CVE
added 2023/02/15 5:2 a.m., 3 views

SUSE CVE-2016-4912

The xrealloc function in xlspxmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure...

7.5 CVSS, 6.8 AI score, 0.05259 EPSS
Exploits 1, References 7
SUSE CVE
added 2023/02/15 4:17 a.m., 5 views

SUSE CVE-2019-5544

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...

9.8 CVSS, 8.5 AI score, 0.96823 EPSS
Exploits 1, References 3
Saint
added 2023/02/10 12:0 a.m., 164 views

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

8.1 AI score
Exploits 0
Saint
added 2023/02/10 12:0 a.m., 248 views

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

8.1 AI score
Exploits 0
hivepro
added 2023/02/09 6:52 a.m., 174 views

The ESXiArgs ransomware attack is targeting VMware ESXi servers globally

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A global ransomware attack, known as ESXiArgs, is affecting servers using VMware ESXi hypervisors version 6.x prior to 6.7 due to a vulnerability CVE-2021-21974 caused by a heap overflow issue in the Ope...

5.8 CVSS, 3.6 AI score, 0.45063 EPSS
Exploits 7
Trellix
added 2023/02/09 12:0 a.m., 145 views

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

Global ESXiArgs Ransomware Attack on the Back of a Two-Year-Old Vulnerability By John Fokker, Alfred Alvarado, Tim Hux, Jeffrey Sman, Joao Marques · February 09, 2023 Figure 1: Global Telemetry from Trellix ATLAS for IPs connecting to port 427 Introduction: Early this week, VMware issued a...

1.3 AI score, 0.9957 EPSS
Exploits 54
Trellix
added 2023/02/09 12:0 a.m., 50 views

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

Global ESXiArgs Ransomware Attack on the Back of a Two-Year-Old Vulnerability By John Fokker, Alfred Alvarado, Tim Hux, Jeffrey Sman, Joao Marques · February 09, 2023 Figure 1: Global Telemetry from Trellix ATLAS for IPs connecting to port 427 Introduction: Early this week, VMware issued a...

10 CVSS, 9.9 AI score, 0.9957 EPSS
Exploits 54
OpenVAS
added 2023/02/08 12:0 a.m., 17 views

Service Location Protocol (SLP) Detection (UDP)

UDP based detection of services supporting the Service Location Protocol (SLP). SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits 0, References 2
RedhatCVE
added 2023/02/07 6:56 p.m., 279 views

CVE-2021-21974

A heap overflow vulnerability was found in OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG. This flaw allows a malicious actor residing within the same network segment as ESXi, who has access to port 427, to trigger the heap...

8.8 CVSS, 2.2 AI score, 0.45063 EPSS
Exploits 7, References 6
The Hacker News
added 2023/02/07 10:21 a.m., 3 views

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are bein...

8.8 CVSS, 8.2 AI score, 0.45063 EPSS
Exploits 7
Rapid7 Blog
added 2023/02/06 3:0 p.m., 84 views

Ransomware Campaign Compromising VMware ESXi Servers

On February 3, 2023, French web hosting provider OVH and French CERT issued warnings about a ransomware campaign that was targeting VMware ESXi servers worldwide with a new ransomware strain dubbed “ESXiArgs.” The campaign appears to be leveraging CVE-2021-21974, a nearly two-year-old heap overfl...

5.8 CVSS, 9 AI score, 0.45063 EPSS
Exploits 7
Malwarebytes
added 2023/02/06 4:0 a.m., 125 views

[update] Two year old vulnerability used in ransomware attack against VMware ESXi

On Friday and over the weekend, several Computer Emergency Response Teams (CERTs) sounded the alarm about an ongoing large scale ransomware attack on VMware ESXi virtual machines. With some discrepancies between Shodan queries from various researchers, most agree that an estimated 500 entities were...

5.8 CVSS, 1.1 AI score, 0.47795 EPSS
Exploits 7
The Hacker News
added 2023/02/04 5:30 a.m., 102 views

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said i...

8.8 CVSS, 2.5 AI score, 0.45063 EPSS
Exploits 7
CBLMariner
added 2022/12/09 1:51 a.m., 20 views

CVE-2016-7567 affecting package openslp for versions less than 2.0.0-26

CVE-2016-7567 affecting package openslp for versions less than 2.0.0-26. A patched version of the package is available...

9.8 CVSS, 9.6 AI score, 0.12364 EPSS
Exploits 4
CBLMariner
added 2022/12/09 1:51 a.m., 19 views

CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26

CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26. A patched version of the package is available...

9.8 CVSS, 9.6 AI score, 0.96823 EPSS
Exploits 1