Vulnerabilities > CVE-2015-5177 - Double Free vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
openslp
debian
CWE-415
nessus

Summary

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

Vulnerable Configurations

Part Description Count
Application
Openslp
1
OS
Debian
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2015-0007.NASL
    descriptionThe remote VMware ESXi host is affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id86254
    published2015-10-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86254
    titleVMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_3021178_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 3021178. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id86946
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86946
    titleVMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_5_BUILD_3029944_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.5 prior to build 3029944. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id86947
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86947
    titleVMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-304.NASL
    descriptionSeveral issues have been found and solved in OpenSLP, that implements the Internet Engineering Task Force (IETF) Service Location Protocol standards protocol. CVE-2010-3609 Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a
    last seen2020-03-17
    modified2015-09-04
    plugin id85769
    published2015-09-04
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85769
    titleDebian DLA-304-1 : openslp-dfsg security update
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_3021432_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.0 prior to build 3021432. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id86945
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86945
    titleVMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3353.NASL
    descriptionQinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).
    last seen2020-06-01
    modified2020-06-02
    plugin id85810
    published2015-09-08
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85810
    titleDebian DSA-3353-1 : openslp-dfsg - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2730-1.NASL
    descriptionGeorgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. (CVE-2015-5177). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85798
    published2015-09-04
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85798
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : openslp-dfsg vulnerabilities (USN-2730-1)