CVE Number – CVE-2017-17833
A vulnerability in OpenSLP could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability exists in the ProcessSrvRqst function, defined in the source code file slpd/slpd_process.c, and is due to a failure by the affected software to update a local pointer when handling memory reallocations. The stale pointer could result in a use-after-free or double-free memory operation error that corrupts heap memory. An attacker could exploit the vulnerability by sending a packet that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the slpd user, or could cause the affected software to crash, resulting in a denial of service (DoS) condition.
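The bug class described above (a local pointer left stale across a reallocation) and its fix are illustrated by the following added example. It is not OpenSLP's code: the `reply_buf` type and the `reply_*` functions are hypothetical, and the buffer layout is constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply buffer: 2-byte big-endian entry count, then entries. */
typedef struct { uint8_t *start; size_t used, cap; } reply_buf;

int reply_init(reply_buf *b)
{
    b->used = 2;                  /* the count field */
    b->cap = 8;
    b->start = calloc(1, b->cap);
    return b->start ? 0 : -1;
}

/* Make room for `extra` more bytes. On success the block may have moved, so
 * any pointer derived from b->start before this call is stale. */
static int reply_reserve(reply_buf *b, size_t extra)
{
    size_t ncap = b->cap;
    if (extra > SIZE_MAX - b->used) return -1;
    while (ncap < b->used + extra) {
        if (ncap > SIZE_MAX / 2) return -1;
        ncap *= 2;
    }
    if (ncap == b->cap) return 0;
    uint8_t *p = realloc(b->start, ncap);
    if (p == NULL) return -1;     /* old block stays valid and owned by b */
    b->start = p;                 /* publish the new address */
    b->cap = ncap;
    return 0;
}

/* Append one entry and bump the count. The unsafe shape takes
 * `hdr = b->start` BEFORE reply_reserve() and writes through it afterwards;
 * here the header pointer is derived only after the buffer has grown. */
int reply_add(reply_buf *b, const void *data, size_t len)
{
    if (reply_reserve(b, len) != 0) return -1;
    uint8_t *hdr = b->start;      /* fresh pointer, valid after realloc */
    unsigned count = (((unsigned)hdr[0] << 8) | hdr[1]) + 1;
    if (count > 0xFFFF) return -1;
    memcpy(b->start + b->used, data, len);
    b->used += len;
    hdr[0] = (uint8_t)(count >> 8);
    hdr[1] = (uint8_t)(count & 0xFF);
    return 0;
}
unsigned reply_count(const reply_buf *b) { return ((unsigned)b->start[0] << 8) | b->start[1]; }
```

Building code like this with AddressSanitizer (`-fsanitize=address`) during testing reports a write through a stale pointer at the point of use, which is how this class of defect is usually caught before release.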
OpenSLP has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must have network access to an affected device. This access requirement may reduce the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to monitor critical systems.
OpenSLP has released a code log entry at the following link: Commit 151f07
OpenSLP has released a software update at the following link: Lenovo fix for slpd crash during testing: bad pointer after realloc