OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities

Bugtraq ID:	12792
Class:	Boundary Condition Error
CVE:	CVE-2005-0769
Remote:	Yes
Local:	No
Published:	Mar 14 2005 12:00AM
Updated:	Mar 09 2007 09:35PM
Credit:	Discovery is credited to the SUSE Security Team.
Vulnerable:	OpenSLP OpenSLP 1.2.1 OpenSLP OpenSLP 1.2 .0 OpenSLP OpenSLP 1.1.5 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Novell Linux Desktop 9.0 + SuSE Linux Enterprise Server 9 OpenSLP OpenSLP 1.0.11 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 OpenSLP OpenSLP 1.0.10 OpenSLP OpenSLP 1.0.9 a OpenSLP OpenSLP 1.0.8 a OpenSLP OpenSLP 1.0.7 OpenSLP OpenSLP 1.0.6 OpenSLP OpenSLP 1.0.5 OpenSLP OpenSLP 1.0.4 OpenSLP OpenSLP 1.0.3 OpenSLP OpenSLP 1.0.2 OpenSLP OpenSLP 1.0.1 OpenSLP OpenSLP 1.0 .0 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux
Not Vulnerable:	OpenSLP OpenSLP 1.2.1

OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities

OpenSLP is prone to multiple unspecified buffer-overflow vulnerabilities that may be triggered by malformed SLP (Service Location Protocol) packets.

If successfully exploited, these issues could allow remote code execution in the context of the software.

OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities

Solution:
The vendor has addressed the issue in OpenSLP 1.2.1.

Please see the referenced advisories for more information.


HP HP-UX B.11.11

• HP B.11.11 SLP Revision 1.2
  ftp://hpuxslp:[email protected]/upgrade_SLP.depot

HP HP-UX B.11.23

• HP PHNE_33508
  http://itrc.hp.com

OpenSLP OpenSLP 1.0 .0

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.1

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.10

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.11

• Mandrake lib64openslp1-1.0.11-5.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64openslp1-1.0.11-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64openslp1-1.0.11-5.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64openslp1-devel-1.0.11-5.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64openslp1-devel-1.0.11-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64openslp1-devel-1.0.11-5.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-1.0.11-5.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-1.0.11-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-1.0.11-5.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-devel-1.0.11-5.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-devel-1.0.11-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libopenslp1-devel-1.0.11-5.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake openslp-1.0.11-5.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake openslp-1.0.11-5.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake openslp-1.0.11-5.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake openslp-1.0.11-5.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730


• Ubuntu libslp-dev_1.0.11-7ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp-dev_1.0.1 1-7ubuntu0.1_amd64.deb


• Ubuntu libslp-dev_1.0.11-7ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp-dev_1.0.1 1-7ubuntu0.1_i386.deb


• Ubuntu libslp-dev_1.0.11-7ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp-dev_1.0.1 1-7ubuntu0.1_powerpc.deb


• Ubuntu libslp1_1.0.11-7ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp1_1.0.11-7 ubuntu0.1_amd64.deb


• Ubuntu libslp1_1.0.11-7ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp1_1.0.11-7 ubuntu0.1_i386.deb


• Ubuntu libslp1_1.0.11-7ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/libslp1_1.0.11-7 ubuntu0.1_powerpc.deb


• Ubuntu openslp-doc_1.0.11-7ubuntu0.1_all.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/o/openslp/openslp-doc_1.0. 11-7ubuntu0.1_all.deb


• Ubuntu slpd_1.0.11-7ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slpd_1.0.11- 7ubuntu0.1_amd64.deb


• Ubuntu slpd_1.0.11-7ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slpd_1.0.11- 7ubuntu0.1_i386.deb


• Ubuntu slpd_1.0.11-7ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slpd_1.0.11- 7ubuntu0.1_powerpc.deb


• Ubuntu slptool_1.0.11-7ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slptool_1.0. 11-7ubuntu0.1_amd64.deb


• Ubuntu slptool_1.0.11-7ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slptool_1.0. 11-7ubuntu0.1_i386.deb


• Ubuntu slptool_1.0.11-7ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/o/openslp/slptool_1.0. 11-7ubuntu0.1_powerpc.deb

OpenSLP OpenSLP 1.0.2

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.3

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.4

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.5

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.6

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.7

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.8 a

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.0.9 a

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP OpenSLP 1.1.5

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730


• SuSE openslp-1.1.5-73.15.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-1.1.5-73. 15.i586.patch.rpm


• SuSE openslp-1.1.5-73.15.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-1.1.5 -73.15.x86_64.patch.rpm


• SuSE openslp-1.1.5-80.4.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-1.1.5-80. 4.i586.patch.rpm


• SuSE openslp-1.1.5-80.4.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-1.1.5 -80.4.x86_64.patch.rpm


• SuSE openslp-devel-1.1.5-73.15.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-devel-1.1 .5-73.15.i586.patch.rpm


• SuSE openslp-devel-1.1.5-73.15.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-devel -1.1.5-73.15.x86_64.patch.rpm


• SuSE openslp-devel-1.1.5-80.4.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-devel-1.1 .5-80.4.i586.patch.rpm


• SuSE openslp-devel-1.1.5-80.4.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-devel -1.1.5-80.4.x86_64.patch.rpm


• SuSE openslp-server-1.1.5-73.15.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-server-1. 1.5-73.15.i586.patch.rpm


• SuSE openslp-server-1.1.5-73.15.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-serve r-1.1.5-73.15.x86_64.patch.rpm


• SuSE openslp-server-1.1.5-80.4.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-server-1. 1.5-80.4.i586.patch.rpm


• SuSE openslp-server-1.1.5-80.4.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-serve r-1.1.5-80.4.x86_64.patch.rpm


• SuSE openslp-1.1.5-73.15.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-1.1.5-73. 15.i586.rpm


• SuSE openslp-1.1.5-73.15.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-1.1.5 -73.15.x86_64.rpm


• SuSE openslp-1.1.5-80.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-1.1.5-80. 4.i586.rpm


• SuSE openslp-1.1.5-80.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-1.1.5 -80.4.x86_64.rpm


• SuSE openslp-devel-1.1.5-73.15.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-devel-1.1 .5-73.15.i586.rpm


• SuSE openslp-devel-1.1.5-73.15.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-devel -1.1.5-73.15.x86_64.rpm


• SuSE openslp-devel-1.1.5-80.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-devel-1.1 .5-80.4.i586.rpm


• SuSE openslp-devel-1.1.5-80.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-devel -1.1.5-80.4.x86_64.rpm


• SuSE openslp-server-1.1.5-73.15.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-server-1. 1.5-73.15.i586.rpm


• SuSE openslp-server-1.1.5-73.15.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-serve r-1.1.5-73.15.x86_64.rpm


• SuSE openslp-server-1.1.5-80.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-server-1. 1.5-80.4.i586.rpm


• SuSE openslp-server-1.1.5-80.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-serve r-1.1.5-80.4.x86_64.rpm

OpenSLP OpenSLP 1.2 .0

• OpenSLP OpenSLP 1.2.1
  http://sourceforge.net/project/showfiles.php?group_id=1730

OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities

References:

• CLSA-2005:967 : openslp (Conectiva)
  
• Project Homepage (OpenSLP)