CVE-2010-3609

Publication date 11 March 2011

Last updated 24 July 2024


Ubuntu priority

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

Status

Package Ubuntu Release Status
openslp 10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper
Fixed 1.2.1-5ubuntu0.2
openslp-dfsg 10.10 maverick
Fixed 1.2.1-7.7ubuntu0.1
10.04 LTS lucid
Fixed 1.2.1-7.6ubuntu0.1
9.10 karmic
Fixed 1.2.1-7.5ubuntu0.1
8.04 LTS hardy
Fixed 1.2.1-7.1ubuntu0.2
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

Other references