CVE-2010-3609
First published: Fri Mar 11 2011(Updated: )
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS OpenSLP Server | =1.2.1 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/46772
- http://secunia.com/advisories/43601
- http://lists.vmware.com/pipermail/security-announce/2011/000126.html
- http://securitytracker.com/id?1025168
- http://www.vupen.com/english/advisories/2011/0606
- http://www.vmware.com/security/advisories/VMSA-2011-0004.html
- http://www.osvdb.org/71019
- http://www.vupen.com/english/advisories/2011/0729
- http://secunia.com/advisories/43742
- http://www.kb.cert.org/vuls/id/393783
- http://securityreason.com/securityalert/8127
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227
- https://security.gentoo.org/glsa/201707-05
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
- http://www.securityfocus.com/archive/1/516909/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-3609?
CVE-2010-3609 is considered a moderate severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2010-3609?
To fix CVE-2010-3609, users should upgrade to OpenSLP version 1.2.1 SVN revision 1647 or later, and ensure that VMware ESX and ESXi systems are updated to the latest versions.
What systems are affected by CVE-2010-3609?
CVE-2010-3609 affects OpenSLP versions before SVN revision 1647 and VMware ESX 4.0, 4.1 and ESXi 4.0, 4.1.
What type of attack does CVE-2010-3609 facilitate?
CVE-2010-3609 allows remote attackers to execute a denial-of-service attack by sending specially crafted packets.
Is CVE-2010-3609 still a threat to current systems?
CVE-2010-3609 is not a threat to current systems if they are updated beyond the vulnerable versions mentioned, but systems on outdated software remain at risk.
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/weakness
- agent/references
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/openslp
- canonical/centos openslp server
- version/centos openslp server/1.2.1
- vendor/vmware
- canonical/vmware esxi
- version/vmware esxi/4.0
- version/vmware esxi/4.1