製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSLP にサービス運用妨害 (DoS) の脆弱性

Title	OpenSLP にサービス運用妨害 (DoS) の脆弱性
Summary	OpenSLP には、サービス運用妨害 (DoS) の脆弱性が存在します。 OpenSLP は、Service Location Protocol (SLP) を実装したオープンソースのソフトウェアです。OpenSLP には、細工された SLP パケットの “next extension offset” が自身または、前の extension をポイントしている場合、無限ループに入る可能性があります。
Possible impacts	遠隔の第三者によって、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。
Solution	[アップデートする] 各ベンダや配布元が提供する情報をもとに本脆弱性が修正されたバージョンにアップデートしてください。
Publication Date	March 22, 2011, midnight
Registration Date	April 6, 2011, 5:27 p.m.
Last Update	April 6, 2011, 5:27 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

OpenSLP

OpenSLP Revision 1646 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3609	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
National Vulnerability Database (NVD)
2	CVE-2010-3609	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3609
Novell
3	CVE-2010-3609	http://support.novell.com/security/cve/CVE-2010-3609.html

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
OpenSLP
1	SCM Repositories - openslp	http://openslp.svn.sourceforge.net/viewvc/openslp/trunk/openslp/common/slp_v2message.c?view=log&pathrev=1647
2	SCM Repositories - openslp (Revision 1647)	http://openslp.svn.sourceforge.net/viewvc/openslp/trunk/openslp/common/slp_v2message.c?r1=1647&r2=1646&pathrev=1647
VMware Security Advisories
3	VMSA-2011-0004	http://www.vmware.com/security/advisories/VMSA-2011-0004.html

その他

No	Name	URL
ISS X-Force Database
1	65931	http://xforce.iss.net/xforce/xfdb/65931
JVN
2	JVNVU#393783	http://jvn.jp/cert/JVNVU393783
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
3	71019	http://osvdb.org/71019
Secunia Advisory
4	SA43601	http://secunia.com/advisories/43601
SecurityFocus
5	46772	http://www.securityfocus.com/bid/46772
SecurityTracker
6	1025168	http://securitytracker.com/id?1025168
US-CERT Vulnerability Note
7	VU#393783	http://www.kb.cert.org/vuls/id/393783
VUPEN Security
8	VUPEN/ADV-2011-0606	http://www.vupen.com/english/advisories/2011/0606

Change Log

No	Changed Details	Date of change
0	[2011年04月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-3609

Summary	The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
Publication Date	March 12, 2011, 2:55 a.m.
Registration Date	Jan. 29, 2021, 11:06 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openslp:openslp:1.2.1:::::::*
cpe:2.3:a:vmware:esxi:4.1:::::::*
cpe:2.3:a:vmware:esxi:4.0:::::::*
cpe:2.3:a:vmware:esx:4.1:::::::*
cpe:2.3:a:vmware:esx:4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.vmware.com/pipermail/security-announce/2011/000126.html
2	http://lists.vmware.com/pipermail/security-announce/2011/000126.html
3	http://secunia.com/advisories/43601	Vendor Advisory
4	http://secunia.com/advisories/43601	Vendor Advisory
5	http://secunia.com/advisories/43742	Vendor Advisory
6	http://secunia.com/advisories/43742	Vendor Advisory
7	http://securityreason.com/securityalert/8127
8	http://securityreason.com/securityalert/8127
9	http://securitytracker.com/id?1025168
10	http://securitytracker.com/id?1025168
11	http://www.kb.cert.org/vuls/id/393783	US Government Resource
12	http://www.kb.cert.org/vuls/id/393783	US Government Resource
13	http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
14	http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
15	http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
16	http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
17	http://www.osvdb.org/71019
18	http://www.osvdb.org/71019
19	http://www.securityfocus.com/archive/1/516909/100/0/threaded
20	http://www.securityfocus.com/archive/1/516909/100/0/threaded
21	http://www.securityfocus.com/bid/46772
22	http://www.securityfocus.com/bid/46772
23	http://www.vmware.com/security/advisories/VMSA-2011-0004.html	Vendor Advisory
24	http://www.vmware.com/security/advisories/VMSA-2011-0004.html	Vendor Advisory
25	http://www.vupen.com/english/advisories/2011/0606	Vendor Advisory
26	http://www.vupen.com/english/advisories/2011/0606	Vendor Advisory
27	http://www.vupen.com/english/advisories/2011/0729	Vendor Advisory
28	http://www.vupen.com/english/advisories/2011/0729	Vendor Advisory
29	https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
30	https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
31	https://security.gentoo.org/glsa/201707-05
32	https://security.gentoo.org/glsa/201707-05
33	https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227
34	https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227

Common Vulnerabilities List