|
Family: Ubuntu Local Security Checks --> Category: infos
USN98-1 : openslp vulnerabilities Vulnerability Scan
Vulnerability Scan Summary openslp vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libslp-dev
- libslp1
- openslp-doc
- slpd
- slptool
Description :
The SuSE Security Team discovered several buffer overflows in the
OpenSLP server and client library. By sending specially crafted SLP
packets, a remote attacker could exploit this to crash the SLP server
or execute arbitrary code with the rights of the "daemon" user.
Likewise, a malicious SLP server could exploit the client library
vulnerabilities to execute arbitrary code with the rights of the
user running the SLP client application.
Solution :
Upgrade to :
- libslp-dev-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- libslp1-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- openslp-doc-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- slpd-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- slptool-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|