CVE-2008-0767

Name of the Vulnerable Software and Affected Versions ExtremeZ-IP versions 5.1.2x15 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a packet to the Service Location Protocol (SLP) service on UDP port 427 with a large integer in the number of URLs field. This triggers an out-of-bounds read due to the lack of verification of the consistency between the number of URLs field and the packet length.

Recommendations For ExtremeZ-IP versions 5.1.2x15 and earlier, consider restricting access to the SLP service on UDP port 427 until a patch is available. As a temporary workaround, disabling the SLP service may help minimize the risk of exploitation.