oss-sec mailing list archives
Re: CVE request: DoS in OpenSLP
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 13 Sep 2012 17:44:48 -0600
On 09/13/2012 04:10 PM, Vincent Danen wrote:
> Quoting Secunia's report:
>
> Georgi Geshev has discovered a vulnerability in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service).
>
> The vulnerability is caused due to an out-of-bounds read error within the "SLPIntersectStringList()" function (common/slp_compare.c) when processing service requests and can be exploited to cause a crash via a specially crafted request.
>
> The vulnerability is confirmed in version 1.2.1. Other versions may also be affected.
>
> References:
> https://secunia.com/advisories/50130/
> https://bugs.gentoo.org/show_bug.cgi?id=434918
> https://bugzilla.redhat.com/show_bug.cgi?id=857242
>
> Could a CVE be assigned to this? There is no upstream bug report or patch that I can see.

Please use CVE-2012-4428 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993