Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434918 (CVE-2012-4428) - <net-libs/openslp-2.0.0-r3 : Denial of Service Vulnerability (CVE-2012-4428)
Summary: <net-libs/openslp-2.0.0-r3 : Denial of Service Vulnerability (CVE-2012-4428)
Status: RESOLVED FIXED
Alias: CVE-2012-4428
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50130/
Whiteboard: B3 [glsa cve]
Keywords: PATCH
Depends on: CVE-2016-7567
Blocks:
  Show dependency tree
 
Reported: 2012-09-13 16:26 UTC by Agostino Sarubbo
Modified: 2017-07-08 12:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-13 16:26:17 UTC
Description
Georgi Geshev has discovered a vulnerability in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an out-of-bounds read error within the "SLPIntersectStringList()" function (common/slp_compare.c) when processing service requests and can be exploited to cause a crash via a specially crafted request.

The vulnerability is confirmed in version 1.2.1. Other versions may also be affected.


Solution
No official solution is currently available.
Comment 1 ta2002 2013-07-01 00:52:18 UTC
I was going to file a separate "version bump" bug, but after finding this one, it seems more efficient to just add that information here.

Openslp 2.0.0 was recently released (first release in more than eight years), which likely will have a solution for this problem.
Comment 2 Andreas K. Hüttel gentoo-dev 2013-07-12 20:28:28 UTC
I've added 2.0.0 to the tree, however I cannot test it at all, so NO KEYWORDS. 

Will need full re-keywording.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-01 10:03:08 UTC
Debian patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=CVE-2012-4428.patch;att=1;bug=687597 .  @maintainers, Please patch and confirm that 2.0.0 is no longer affected.  Request stabilization in this bug when ready.
Comment 4 Thomas Deutschmann gentoo-dev Security 2016-11-21 20:01:20 UTC
@ Maintainer(s): According to https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/log/?path=/openslp/common/slp_compare.c upstream has never patch SLPContainsStringList function which contains the vulnerability.

So please pick-up Debian's version and report upstream.
Comment 5 Andreas K. Hüttel gentoo-dev 2017-02-18 19:11:21 UTC
Strangely this issue was never addressed in 2.0.0 (not even in the upstream hg repository).

I've forward-ported the patch (one chunk needed adapting since someone creatively re-arranged {brack{}ets}, one chunk isn't needed anymore since the code has been independently rewritten). 

Added in net-libs/openslp-2.0.0-r3.
Comment 6 Andreas K. Hüttel gentoo-dev 2017-02-18 19:16:48 UTC
See also: https://sourceforge.net/p/openslp/bugs/156/
Comment 7 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-21 02:49:50 UTC
Added to an existing GLSA Request.
Comment 8 Andreas K. Hüttel gentoo-dev 2017-06-09 23:11:23 UTC
Nothing to do for printing here anymore.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2017-07-08 12:35:19 UTC
This issue was resolved and addressed in
 GLSA 201707-05 at https://security.gentoo.org/glsa/201707-05
by GLSA coordinator Thomas Deutschmann (whissi).