OpenSLP Heap-Related Memory Corruption Remote Code Execution Vulnerability [CVE-2017-17833]

CVE Number – CVE-2017-17833

A vulnerability in OpenSLP could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability exists in the ProcessSrvRqst function, defined in the source code file slpd/slpd_process.c, and is due to a failure by the affected software to update a local pointer when handling memory reallocations. This could result in a use-after-free or double-free memory operation error. An attacker could exploit the vulnerability by sending a packet that submits malicious input to the affected software. A successful exploit could allow the attacker to corrupt heap memory and execute arbitrary code with the privileges of the slpd user, or could cause the affected software to crash, resulting in a denial of service (DoS) condition.
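The bug class described above, a local pointer kept across a reallocation, shown as an added C example that is not OpenSLP's code and not part of the original advisory. The names msgbuf, msgbuf_reserve and write_reply are hypothetical, and the stale case is detected and skipped rather than dereferenced so the program stays well-defined.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply buffer for illustration; not OpenSLP's real type. */
typedef struct { size_t cap, len; char data[]; } msgbuf;

static msgbuf *msgbuf_new(size_t cap) {
    msgbuf *b = malloc(sizeof *b + cap);
    if (b) { b->cap = cap; b->len = 0; }
    return b;
}

/* Ensure room for `need` bytes. Growth allocates a new block and frees the
 * old one, so *pbuf changes and every copy of the old address goes stale. */
static int msgbuf_reserve(msgbuf **pbuf, size_t need) {
    msgbuf *old = *pbuf;
    if (old->cap >= need) return 0;
    msgbuf *grown = msgbuf_new(need);
    if (!grown) return -1;
    memcpy(grown->data, old->data, old->len);
    grown->len = old->len;
    free(old);
    *pbuf = grown;
    return 0;
}

/* Write a reply through a local alias of *sendbuf.
 * refresh_local = 0 models the bug class: the alias is kept across the resize.
 * refresh_local = 1 models the fix: the alias is reloaded from *sendbuf.
 * Returns 1 if written, 0 if the alias was stale (write skipped), -1 on OOM. */
static int write_reply(msgbuf **sendbuf, const char *body, int refresh_local) {
    msgbuf *result = *sendbuf;                 /* local alias of the buffer */
    uintptr_t before = (uintptr_t)result;      /* address before any resize */
    size_t n = strlen(body) + 1;
    if (msgbuf_reserve(sendbuf, n) != 0) return -1;
    if (refresh_local) result = *sendbuf;      /* re-read after reallocation */
    else if ((uintptr_t)*sendbuf != before) return 0; /* would hit freed memory */
    memcpy(result->data, body, n);
    result->len = n;
    return 1;
}

int main(void) {
    msgbuf *b = msgbuf_new(4);                 /* constructed sample input below */
    if (!b) return 1;
    int stale = write_reply(&b, "constructed reply body", 0);
    int fixed = write_reply(&b, "constructed reply body, longer", 1);
    free(b);
    return !(stale == 0 && fixed == 1);
}
```

Building the same program with a memory-error detector such as AddressSanitizer is one way to surface this pattern in code where the stale alias is actually dereferenced or freed.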

OpenSLP has confirmed the vulnerability and released software updates.

Analysis
  • To exploit this vulnerability, an attacker must have network access to an affected device. This access requirement may reduce the likelihood of a successful exploit.
Safeguards
  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators are advised to monitor critical systems.

Vendor Announcements
  • OpenSLP has released a code log entry at the following link: Commit 151f07
Fixed Software




Duncan is a technology professional with over 20 years' experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Duncan Newell
