Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2010-3609

Published: 11/03/2011 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Vmware

Vulnerability Summary

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote malicious users to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

vmware esxi 4.0

openslp openslp 1.2.1

vmware esx 4.0

vmware esx 4.1

vmware esxi 4.1

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2010-3609
Debian Bug report logs - #623551 CVE-2010-3609 Package: openslp-dfsg; Maintainer for openslp-dfsg is Debian QA Group <packages@qadebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Thu, 21 Apr 2011 06:15:08 UTC Severity: grave Tags: security Fixed in version openslp-dfsg/121-8 Done: Mo ...
Ubuntu Security Notice: openslp, openslp-dfsg vulnerability
An attacker could send crafted input to OpenSLP and cause it to hang ...

Exploits

Exploit DB: OpenSLP 1.2.1 / < 1647 trunk - Denial of Service
#!/usr/bin/python # Title: OpenSLP DoS # Author: Nicolas Gregoire (@Agarri_FR) # CVE: 2010-3609 # Software download: wwwopenslporg/downloadhtml # Version: v121 and trunk before revision 1647 # Tested on: Linux Ubuntu 1004, VMware ESX 40 # Notes: It affects some others SLP softwares, like mSLP More details (in French) on my blog =&g ...

References

NVD-CWE-noinfohttp://www.securityfocus.com/bid/46772http://secunia.com/advisories/43601http://lists.vmware.com/pipermail/security-announce/2011/000126.htmlhttp://securitytracker.com/id?1025168http://www.vupen.com/english/advisories/2011/0606http://www.vmware.com/security/advisories/VMSA-2011-0004.htmlhttp://www.osvdb.org/71019http://www.vupen.com/english/advisories/2011/0729http://secunia.com/advisories/43742http://www.kb.cert.org/vuls/id/393783http://securityreason.com/securityalert/8127http://www.mandriva.com/security/advisories?name=MDVSA-2012:141http://www.mandriva.com/security/advisories?name=MDVSA-2013:111https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227https://security.gentoo.org/glsa/201707-05https://exchange.xforce.ibmcloud.com/vulnerabilities/65931http://www.securityfocus.com/archive/1/516909/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623551https://usn.ubuntu.com/1118-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/17610/https://www.kb.cert.org/vuls/id/393783
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook