Vulnerabilities > CVE-2015-5177 - Double Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2015-0007.NASL description The remote VMware ESXi host is affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 86254 published 2015-10-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86254 title VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_3021178_REMOTE.NASL description The remote VMware ESXi host is version 5.1 prior to build 3021178. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 86946 published 2015-11-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86946 title VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007) NASL family Misc. NASL id VMWARE_ESXI_5_5_BUILD_3029944_REMOTE.NASL description The remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 86947 published 2015-11-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86947 title VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-304.NASL description Several issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force (IETF) Service Location Protocol standards protocol. CVE-2010-3609 Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a last seen 2020-03-17 modified 2015-09-04 plugin id 85769 published 2015-09-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85769 title Debian DLA-304-1 : openslp-dfsg security update NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_3021432_REMOTE.NASL description The remote VMware ESXi host is version 5.0 prior to build 3021432. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 86945 published 2015-11-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86945 title VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3353.NASL description Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash). last seen 2020-06-01 modified 2020-06-02 plugin id 85810 published 2015-09-08 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85810 title Debian DSA-3353-1 : openslp-dfsg - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2730-1.NASL description Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85798 published 2015-09-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85798 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)
References
- http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/
- http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/
- http://www.securityfocus.com/bid/76635
- http://www.securityfocus.com/bid/76635
- http://www.securitytracker.com/id/1033719
- http://www.securitytracker.com/id/1033719
- https://bugzilla.redhat.com/show_bug.cgi?id=1251064
- https://bugzilla.redhat.com/show_bug.cgi?id=1251064
- https://www.debian.org/security/2015/dsa-3353
- https://www.debian.org/security/2015/dsa-3353