1. CVE-Search
  2. CVE-2010-3609
ID CVE-2010-3609
Summary The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 20:04)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 46772
bugtraq 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
cert-vn VU#393783
confirm
gentoo GLSA-201707-05
mandriva
  • MDVSA-2012:141
  • MDVSA-2013:111
mlist [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
osvdb 71019
sectrack 1025168
secunia
  • 43601
  • 43742
sreason 8127
vupen
  • ADV-2011-0606
  • ADV-2011-0729
xf vmware-esxserver-slpd-dos(65931)
Last major update 10-10-2018 - 20:04
Published 11-03-2011 - 17:55
Last modified 10-10-2018 - 20:04
Back to Top