Vulnerability Bulletins

int(1448)

Vulnerability Bulletins

Múltiples desbordamientos de búfer en OpenSLP
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	OpenSLP
Description
Se han descubierto múltiples vulnerabilidades de desbordamiento de búfer en OpenSLP, una implementación de código abierto del protocolo SLP (Service Location Protocol) utilizado por estaciones de trabajo para localizar ciertos servicios y por servidores para anunciarlos. La explotación de estas vulnerabilidades podría permitir a un atacante remoto ejecutar código arbitrario mediante el envío de paquetes SLP especialmente diseñados.
Solution
Actualización de software SUSE Linux SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-1.1.5-80.4.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-server-1.1.5-80.4.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-devel-1.1.5-80.4.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-1.1.5-80.4.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-server-1.1.5-80.4.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openslp-devel-1.1.5-80.4.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/openslp-1.1.5-80.4.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-1.1.5-80.4.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-server-1.1.5-80.4.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-devel-1.1.5-80.4.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-1.1.5-80.4.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-server-1.1.5-80.4.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/openslp-devel-1.1.5-80.4.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/openslp-1.1.5-80.4.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-1.1.5-73.15.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-server-1.1.5-73.15.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-devel-1.1.5-73.15.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-1.1.5-73.15.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-server-1.1.5-73.15.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openslp-devel-1.1.5-73.15.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/openslp-1.1.5-73.15.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-1.1.5-73.15.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-server-1.1.5-73.15.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-devel-1.1.5-73.15.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-1.1.5-73.15.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-server-1.1.5-73.15.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openslp-devel-1.1.5-73.15.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/openslp-1.1.5-73.15.src.rpm Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libopenslp1-1.0.11-5.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libopenslp1-devel-1.0.11-5.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/openslp-1.0.11-5.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/openslp-1.0.11-5.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64openslp1-1.0.11-5.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64openslp1-devel-1.0.11-5.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/openslp-1.0.11-5.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/openslp-1.0.11-5.1.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libopenslp1-1.0.11-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libopenslp1-devel-1.0.11-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/openslp-1.0.11-5.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/openslp-1.0.11-5.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64openslp1-1.0.11-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64openslp1-devel-1.0.11-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/openslp-1.0.11-5.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/openslp-1.0.11-5.1.101mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libopenslp1-1.0.11-5.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libopenslp1-devel-1.0.11-5.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/openslp-1.0.11-5.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64openslp1-1.0.11-5.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64openslp1-devel-1.0.11-5.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/openslp-1.0.11-5.1.C30mdk.src.rpm Hewlett-Packard HP-UX B.11.23 / PHNE_33508 http://itrc.hp.com HP-UX B.11.11 / SLP Revision 1.2 http://software.hp.com
Standar resources
Property	Value
CVE	CAN-2005-0769
BID	12792
Other resources
SUSE Security Announcement SUSE-SA:2005:015 http://www.novell.com/linux/security/advisories/2005_15_openslp.html Mandrakesoft Security Advisories MDKSA-2005:055 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:055 HP SECURITY BULLETIN (HPSBUX02129) https://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00717872

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-03-15
1.1	Aviso emitido por Mandrake (MDKSA-2005:055)	2005-03-16
1.2	CAN añadido	2005-04-01
1.3	Aviso emitido por HP (HPSBUX02129)	2006-10-09
1.4	Aviso actualizado por HP (HPSBUX02129)	2007-03-07

Vulnerability Bulletins

Múltiples desbordamientos de búfer en OpenSLP

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history