Vulnerability Details: CVE-2010-3609
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
Vulnerability category: Denial of service
Threat overview for CVE-2010-3609
- Top open port discovered on systems with this issue: 443
- IPs affected by CVE-2010-3609: 92
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-3609
Probability of exploitation activity in the next 30 days: 37.09%
Percentile (the proportion of vulnerabilities scored at or below this one): ~97%
CVSS scores for CVE-2010-3609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
References for CVE-2010-3609
- http://securitytracker.com/id?1025168
  VMware ESX SLPD Bug Lets Remote Users Deny Service - SecurityTracker
- https://security.gentoo.org/glsa/201707-05
  OpenSLP: Multiple vulnerabilities (GLSA 201707-05) — Gentoo security
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
  mandriva.com
- http://www.vupen.com/english/advisories/2011/0729
  Vendor Advisory
- http://lists.vmware.com/pipermail/security-announce/2011/000126.html
  [Security-announce] VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
- http://www.securityfocus.com/bid/46772
  OpenSLP Extension Parser Remote Denial Of Service Vulnerability
- http://www.securityfocus.com/archive/1/516909/100/0/threaded
  SecurityFocus
- http://securityreason.com/securityalert/8127
  VMware ESX/ESXi SLPD ESX Multiple Vulns - CXSecurity.com
- http://www.vupen.com/english/advisories/2011/0606
  Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
  mandriva.com
- http://www.kb.cert.org/vuls/id/393783
  VU#393783 - OpenSLP denial of service vulnerability (US Government Resource)
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227
  Support/Advisories/MGASA-2012-0227 - Mageia wiki
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
  VMware ESX Server and ESXi Service Location Protocol denial of service CVE-2010-3609 Vulnerability Report
- http://www.vmware.com/security/advisories/VMSA-2011-0004.html
  VMSA-2011-0004.3 (Vendor Advisory)
Products affected by CVE-2010-3609
- cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*