Back to bug 2183534
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-03-31 14:22:51 UTC | CC | security-response-team | |
| Pedro Sampaio | 2023-03-31 14:23:24 UTC | Blocks | 2183535 | |
| Pedro Sampaio | 2023-03-31 14:30:46 UTC | Deadline | 2023-05-10 | 2023-04-24 |
| Sandipan Roy | 2023-04-05 04:57:04 UTC | Severity | medium | high |
| | | Priority | medium | high |
| Sandipan Roy | 2023-04-05 04:59:24 UTC | Depends On | 2184568, 2184567, 2184570, 2184569, 2184571 | |
| Sandipan Roy | 2023-04-25 16:09:07 UTC | Alias | CVE-2023-28757 | CVE-2023-29552 |
| | | Summary | EMBARGOED CVE-2023-28757 openslp: Reflective denial of service amplification attack via UDP | EMBARGOED CVE-2023-29552 openslp: Reflective denial of service amplification attack via UDP |
| Sandipan Roy | 2023-04-25 16:21:13 UTC | Doc Text | A vulnerability was found in OpenSLP. By this security flaw Service Location Protocol (SLP) are vulnerable to a reflective denial of service amplification attack via UDP. SLP allows an unauthenticated attacker to register new services up to whatever limits set by the SLP implementation. Using UDP and spoofing the source address, an attacker can request the service list, creating a DoS attack on the spoofed address. The amplification factor can reach 2200x. | |
| Sandipan Roy | 2023-04-25 16:28:14 UTC | Deadline | 2023-04-24 | |
| | | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2023-29552 openslp: Reflective denial of service amplification attack via UDP | CVE-2023-29552 openslp: Reflective denial of service amplification attack via UDP |
| Sandipan Roy | 2023-04-25 16:28:30 UTC | Depends On | 2189600 | |
| Paige Jung | 2023-04-25 16:34:26 UTC | Doc Text | A vulnerability was found in OpenSLP. By this security flaw Service Location Protocol (SLP) are vulnerable to a reflective denial of service amplification attack via UDP. SLP allows an unauthenticated attacker to register new services up to whatever limits set by the SLP implementation. Using UDP and spoofing the source address, an attacker can request the service list, creating a DoS attack on the spoofed address. The amplification factor can reach 2200x. | A flaw was found in OpenSLP. Service Location Protocol (SLP) is vulnerable to a reflective denial of service amplification attack via UDP. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. |
| Šárka Jana | 2023-06-29 11:50:43 UTC | Doc Type | If docs needed, set a value | Known Issue |
| | | Docs Contact | sjanderk | |
| | | CC | sjanderk | |
| Red Hat Bugzilla | 2023-07-07 08:31:10 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |
| Šárka Jana | 2023-07-12 07:08:23 UTC | Doc Text | A flaw was found in OpenSLP. Service Location Protocol (SLP) is vulnerable to a reflective denial of service amplification attack via UDP. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. | .The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427. |
| Šárka Jana | 2023-08-10 12:22:20 UTC | Doc Text | .The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427. | The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427. |
| | | Doc Text | The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427. | .The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427. |