CVE-2010-3609

Name of the Vulnerable Software and Affected Versions OpenSLP versions prior to SVN revision 1647 VMware ESX versions 4.0 and 4.1 VMware ESXi versions 4.0 and 4.1

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending a packet with a "next extension offset" that references the current extension or a previous one.

Recommendations For OpenSLP versions prior to SVN revision 1647, update to a version after SVN revision 1647 to resolve the issue. For VMware ESX versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP. For VMware ESXi versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP.