OpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition.
Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. The OpenSLP project is an effort to develop an open-source implementation of Service Location Protocol. When OpenSLP parses a SLP packet containing malformed extensions the extensions parser will enter an infinite loop causing a denial-of-service condition.
If an attacker creates a packet containing a "next extension offset" pointing to itself or to a previous extension, the extension's parser will enter an infinite loop consuming 100% of the CPU.
A remote unauthenticated attacker may be able to create a denial-of-service condition.
Upgrade or apply a patch from the vendor
Thanks to Nicolas Gregoire of Agarri for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2011-03-21|
|Date Last Updated:||2011-04-21 15:28 UTC|