CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
97.2%
Package : openslp-dfsg
Version : 1.2.1-7.8+deb6u1
CVE ID : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177
Debian Bug : 623551 687597 795429
Several issues have been found and solved in OpenSLP, that implements the
Internet Engineering Task Force (IETF) Service Location Protocol standards
protocol.
CVE-2010-3609
Remote attackers could cause a Denial of Service in the Service Location
Protocol daemon (SLPD) via a crafted packet with a "next extension offset".
CVE-2012-4428
Georgi Geshev discovered that an out-of-bounds read error in the
SLPIntersectStringList() function could be used to cause a DoS.
CVE-2015-5177
A double free in the SLPDProcessMessage() function could be used to cause
openslp to crash.
For Debian 6 "Squeeze", these problems have been fixed in openslp-dfsg
version 1.2.1-7.8+deb6u1.
We recommend that you upgrade your openslp-dfsg packages.
Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-amd64 | slptool | < 1.2.1-9+deb7u1 | slptool_1.2.1-9+deb7u1_kfreebsd-amd64.deb |
Debian | 8 | mipsel | slpd | < 1.2.1-10+deb8u1 | slpd_1.2.1-10+deb8u1_mipsel.deb |
Debian | 7 | armel | libslp-dev | < 1.2.1-9+deb7u1 | libslp-dev_1.2.1-9+deb7u1_armel.deb |
Debian | 7 | mipsel | slptool | < 1.2.1-9+deb7u1 | slptool_1.2.1-9+deb7u1_mipsel.deb |
Debian | 7 | s390x | slpd | < 1.2.1-9+deb7u1 | slpd_1.2.1-9+deb7u1_s390x.deb |
Debian | 8 | mips | libslp-dev | < 1.2.1-10+deb8u1 | libslp-dev_1.2.1-10+deb8u1_mips.deb |
Debian | 6 | all | openslp-doc | < 1.2.1-7.8+deb6u1 | openslp-doc_1.2.1-7.8+deb6u1_all.deb |
Debian | 8 | arm64 | slpd | < 1.2.1-10+deb8u1 | slpd_1.2.1-10+deb8u1_arm64.deb |
Debian | 8 | s390x | libslp-dev | < 1.2.1-10+deb8u1 | libslp-dev_1.2.1-10+deb8u1_s390x.deb |
Debian | 8 | kfreebsd-amd64 | libslp1 | < 1.2.1-10+deb8u1 | libslp1_1.2.1-10+deb8u1_kfreebsd-amd64.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
97.2%