Bug 857242 (CVE-2012-4428)

Summary: CVE-2012-4428 openslp: out-of-bounds read in SLPIntersectStringList() can cause DoS
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: jlieskov, rdieter, vcrhonek
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2019-06-10 10:59:19 UTC
Bug Depends On: 857245, 857247    
Bug Blocks: 857244    

Description Vincent Danen 2012-09-13 22:08:45 UTC
An out-of-bounds read error was reported [1] in OpenSLP's SLPIntersectStringList() function (in common/slp_compare.c) when processing service requests.  This could be exploited to cause a crash via a specially-crafted request.  The report is against version 1.2.1, however other versions may be affected.

There is not yet any upstream patch or bug report.

[1] https://secunia.com/advisories/50130/

Comment 1 Vincent Danen 2012-09-13 22:12:36 UTC
Created openslp tracking bugs for this issue

Affects: fedora-all [bug 857245]

Comment 2 Vincent Danen 2012-09-13 22:13:31 UTC
Created openslp tracking bugs for this issue

Affects: epel-5 [bug 857247]

Comment 3 Jan Lieskovsky 2012-09-14 09:01:28 UTC
The CVE identifier of CVE-2012-4428 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/13/27

Comment 4 Huzaifa S. Sidhpurwala 2012-09-20 04:37:20 UTC
Upstream bug:
http://sourceforge.net/tracker/?func=detail&aid=3065116&group_id=1730&atid=101730

Comment 8 Stefan Cornelius 2012-11-14 14:58:50 UTC
Statement:

Not vulnerable. This issue did not affect the versions of openslp as shipped with Red Hat Enterprise Linux 6.

Comment 9 Rex Dieter 2015-05-11 12:36:50 UTC
Found 2 patches produced in the wild that appear to be functionally the same,

https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=CVE-2012-4428.patch;att=1;bug=687597
( referenced from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687597 )

and 

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/net/openslp/patches/patch-CVE-2012-4428

I'm leaning toward using the debian variant.

Comment 10 Fedora Update System 2015-05-26 21:29:57 UTC
openslp-1.2.1-22.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2015-05-27 16:29:08 UTC
openslp-1.2.1-22.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.