PT-2011-1422 · Openslp+2 · Openslp+2

Nicolas Gregoire

Published

2011-03-11

Updated

2024-06-15

CVE-2010-3609

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions OpenSLP versions prior to SVN revision 1647 VMware ESX versions 4.0 and 4.1 VMware ESXi versions 4.0 and 4.1

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending a packet with a "next extension offset" that references the current extension or a previous one.

Recommendations For OpenSLP versions prior to SVN revision 1647, update to a version after SVN revision 1647 to resolve the issue. For VMware ESX versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP. For VMware ESXi versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2018-2713

CVE-2010-3609

DLA-304-1

OPENSUSE-SU-2024:10065-1

Affected Products

Alt Linux

Openslp

Vmware Esxi

PT-2011-1422 · Openslp+2 · Openslp+2

CVE-2010-3609

Related Identifiers

Affected Products

References · 32