Vulnerability Description
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openslp | Openslp | 1.2.1 |
| Vmware | Esx | 4.0 |
| Vmware | Esxi | 4.0 |
References
- http://lists.vmware.com/pipermail/security-announce/2011/000126.html
- http://secunia.com/advisories/43601Vendor Advisory
- http://secunia.com/advisories/43742Vendor Advisory
- http://securityreason.com/securityalert/8127
- http://securitytracker.com/id?1025168
- http://www.kb.cert.org/vuls/id/393783US Government Resource
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
- http://www.osvdb.org/71019
- http://www.securityfocus.com/archive/1/516909/100/0/threaded
- http://www.securityfocus.com/bid/46772
- http://www.vmware.com/security/advisories/VMSA-2011-0004.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2011/0606Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0729Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
FAQ
What is CVE-2010-3609?
CVE-2010-3609 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1...
How severe is CVE-2010-3609?
CVE-2010-3609 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3609?
Check the references section above for vendor advisories and patch information. Affected products include: Openslp Openslp, Vmware Esx, Vmware Esxi.