Rapid7 Vulnerability & Exploit Database

USN-2730-1: OpenSLP vulnerabilities

Back to Search

USN-2730-1: OpenSLP vulnerabilities

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
09/03/2015
Created
07/25/2018
Added
09/08/2015
Modified
07/09/2020

Description

Georgi Geshev discovered that OpenSLP incorrectly handled processingcertain service requests. A remote attacker could possibly use this issueto cause OpenSLP to crash, resulting in a denial of service. This issueonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2012-4428) Qinghao Tang discovered that OpenSLP incorrectly handled processing certainmessages. A remote attacker could possibly use this issue to causeOpenSLP to crash, resulting in a denial of service. (CVE-2015-5177) The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. CVE-2012-4428, CVE-2015-5177

Solution(s)

  • ubuntu-upgrade-libslp1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;