Vulnerabilities > CVE-2012-4428 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 | |
| OS | 1 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-7561.NASL description openslp: denial of service vulnerability (CVE-2010-3609) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-29 plugin id 83890 published 2015-05-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83890 title Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-7561. # include("compat.inc"); if (description) { script_id(83890); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2010-3609", "CVE-2012-4428"); script_xref(name:"FEDORA", value:"2015-7561"); script_name(english:"Fedora 20 : openslp-1.2.1-22.fc20 (2015-7561)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "openslp: denial of service vulnerability (CVE-2010-3609) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=684294" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=857242" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6f58f5f1" ); script_set_attribute( attribute:"solution", value:"Update the affected openslp package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openslp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"openslp-1.2.1-22.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openslp"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0922-1.NASL description This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83756 published 2015-05-21 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83756 title SUSE SLED11 / SLES11 Security Update : OpenSLP (SUSE-SU-2015:0922-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:0922-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83756); script_version("2.8"); script_cvs_date("Date: 2019/12/16"); script_cve_id("CVE-2012-4428"); script_bugtraq_id(55540); script_name(english:"SUSE SLED11 / SLES11 Security Update : OpenSLP (SUSE-SU-2015:0922-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=778508" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=855385" ); # https://download.suse.com/patch/finder/?keywords=ff6cb64881ceac3b2f3c581c50088fa7 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5a30c0a0" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-4428/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20150922-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f4ab4bdc" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11 SP3 : zypper in -t patch sdksp3-openslp=10654 SUSE Linux Enterprise Server 11 SP3 for VMware : zypper in -t patch slessp3-openslp=10654 SUSE Linux Enterprise Server 11 SP3 : zypper in -t patch slessp3-openslp=10654 SUSE Linux Enterprise Desktop 11 SP3 : zypper in -t patch sledsp3-openslp=10654 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openslp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openslp-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/02"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); if (os_ver == "SLED11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"openslp-32bit-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"openslp-32bit-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"openslp-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"openslp-server-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"openslp-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"openslp-32bit-1.2.0-172.24.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"openslp-1.2.0-172.24.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenSLP"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201707-05.NASL description The remote host is affected by the vulnerability described in GLSA-201707-05 (OpenSLP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 101336 published 2017-07-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101336 title GLSA-201707-05 : OpenSLP: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-304.NASL description Several issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force (IETF) Service Location Protocol standards protocol. CVE-2010-3609 Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a last seen 2020-03-17 modified 2015-09-04 plugin id 85769 published 2015-09-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85769 title Debian DLA-304-1 : openslp-dfsg security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2730-1.NASL description Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85798 published 2015-09-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85798 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html
- http://www.openwall.com/lists/oss-security/2012/09/13/27
- http://www.securityfocus.com/bid/55540
- http://www.ubuntu.com/usn/USN-2730-1
- https://access.redhat.com/security/cve/cve-2012-4428
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78732
- https://security.gentoo.org/glsa/201707-05
- https://security-tracker.debian.org/tracker/CVE-2012-4428