Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN98-1 : openslp vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
openslp vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libslp-dev
- libslp1
- openslp-doc
- slpd
- slptool

Description :

The SuSE Security Team discovered several buffer overflows in the
OpenSLP server and client library. By sending specially crafted SLP
packets, a remote attacker could exploit this to crash the SLP server
or execute arbitrary code with the rights of the "daemon" user.
Likewise, a malicious SLP server could exploit the client library
vulnerabilities to execute arbitrary code with the rights of the
user running the SLP client application.

Solution :

Upgrade to :
- libslp-dev-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- libslp1-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- openslp-doc-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- slpd-1.0.11-7ubuntu0.1 (Ubuntu 4.10)
- slptool-1.0.11-7ubuntu0.1 (Ubuntu 4.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.