SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   OpenSLP Vendors:   openslp.org
(Gentoo Issues Fix) OpenSLP Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013488
SecurityTracker URL:  http://securitytracker.com/id/1013488
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 21 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.2.1
Description:   Some vulnerabilities were reported in OpenSLP. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted Service Location Protocol (SLP) packets to the target system to trigger buffer overflows and out-of-bounds memory access errors. Arbitrary code can be executed.

The SUSE Security Team discovered these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the OpenSLP process.
Solution:   Gentoo has issued a fix and indicates that all OpenSLP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/openslp-1.2.1"

Vendor URL:  www.openslp.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2005 OpenSLP Buffer Overflows Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Full-disclosure] [ GLSA 200503-25 ] OpenSLP: Multiple buffer


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1609726228==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig0B55510C5A2CC08218947622"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig0B55510C5A2CC08218947622
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: OpenSLP: Multiple buffer overflows
      Date: March 20, 2005
      Bugs: #85347
        ID: 200503-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflows have been found in OpenSLP, which could lead
to the remote execution of arbitrary code.

Background
==========

OpenSLP is an open-source implementation of Service Location Protocol
(SLP).

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-libs/openslp       < 1.2.1                           >= 1.2.1

Description
===========

Multiple buffer overflows have been found in OpenSLP, when handling
malformed SLP packets.

Impact
======

By sending specially crafted SLP packets, a remote attacker could
potentially execute arbitrary code with the rights of the OpenSLP
daemon.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSLP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/openslp-1.2.1"

References
==========

  [ 1 ] SUSE Security Announcement
        http://www.novell.com/linux/security/advisories/2005_15_openslp.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enig0B55510C5A2CC08218947622
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCPey+vcL1obalX08RAnDNAKCNv2nnbt8DHbqpLo3uY4goInKM5ACfWTA+
3FEZmx3v2y7GaHXUmRk6/C0=
=kTYL
-----END PGP SIGNATURE-----

--------------enig0B55510C5A2CC08218947622--

--===============1609726228==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============1609726228==--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC