An out-of-bounds read error was reported [1] in OpenSLP's SLPIntersectStringList() function (in common/slp_compare.c) when processing service requests. This could be exploited to cause a crash via a specially-crafted request. The report is against version 1.2.1; however, other versions may be affected. There is not yet any upstream patch or bug report. [1] https://secunia.com/advisories/50130/
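As an added illustration of the bug class described in this report (this is constructed example code, not OpenSLP's SLPIntersectStringList() and not any of the patches referenced later in this bug), the C below shows the length-bounded pattern a list-intersection routine needs when the strings come from a request buffer that is length-prefixed rather than NUL-terminated. The function names (bounded_intersect, read_lp_string, scope_match_count), the request layout and the sample bytes are all assumptions made for this example; the only thing borrowed from OpenSLP is the (len, ptr, len, ptr) argument shape.

```c
#include <stdio.h>
#include <string.h>

/* Return the next comma-separated item in [p, end).
 * Sets *item/*itemlen and returns the position just past the item (and
 * its comma, if any), or NULL when the list is exhausted. Every byte
 * access is checked against 'end', so an unterminated list cannot be
 * read past the length the caller supplied. (Constructed example.) */
static const char *next_item(const char *p, const char *end,
                             const char **item, size_t *itemlen)
{
    if (p >= end)
        return NULL;
    *item = p;
    while (p < end && *p != ',')
        p++;
    *itemlen = (size_t)(p - *item);
    return (p < end) ? p + 1 : end;   /* skip the comma, or stop at end */
}

/* Count the items of list1 that also appear in list2. Hypothetical
 * bounded counterpart to an (len, ptr, len, ptr) intersect routine;
 * never relies on a NUL terminator in either buffer. */
int bounded_intersect(size_t l1len, const char *l1,
                      size_t l2len, const char *l2)
{
    const char *p1 = l1, *end1 = l1 + l1len, *end2 = l2 + l2len;
    const char *i1, *i2;
    size_t n1, n2;
    int count = 0;

    while ((p1 = next_item(p1, end1, &i1, &n1)) != NULL) {
        const char *p2 = l2;
        while ((p2 = next_item(p2, end2, &i2, &n2)) != NULL) {
            if (n1 == n2 && n1 > 0 && memcmp(i1, i2, n1) == 0) {
                count++;
                break;
            }
        }
    }
    return count;
}

/* Read a 16-bit big-endian length-prefixed string at buf[*off] and
 * advance *off. Returns 0 if the field would run past buflen.
 * Assumed wire layout for this example, not OpenSLP's message parser. */
static int read_lp_string(const unsigned char *buf, size_t buflen, size_t *off,
                          const char **s, size_t *slen)
{
    size_t n;
    if (*off + 2 > buflen)
        return 0;
    n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (*off + n > buflen)
        return 0;                 /* declared length exceeds the buffer */
    *s = (const char *)buf + *off;
    *slen = n;
    *off += n;
    return 1;
}

/* Pull the scope-list field out of a (constructed) request and intersect
 * it with our own scope list. Returns -1 for a truncated request instead
 * of reading whatever bytes follow the field. */
int scope_match_count(const unsigned char *req, size_t reqlen,
                      const char *our_scopes)
{
    size_t off = 0, slen;
    const char *s;
    if (!read_lp_string(req, reqlen, &off, &s, &slen))
        return -1;
    return bounded_intersect(slen, s, strlen(our_scopes), our_scopes);
}

/* Constructed sample: length 11, "DEFAULT,abc", then two unrelated bytes
 * that stand in for the next field. There is no NUL terminator. */
const unsigned char sample_req[] = {
    0x00, 0x0B, 'D', 'E', 'F', 'A', 'U', 'L', 'T', ',', 'a', 'b', 'c',
    0x41, 0x42
};
/* Constructed sample: declares 32 bytes but only carries 3. */
const unsigned char truncated_req[] = { 0x00, 0x20, 'D', 'E', 'F' };

int main(void)
{
    printf("matches: %d\n",
           scope_match_count(sample_req, sizeof sample_req, "abc,DEFAULT"));
    printf("truncated: %d\n",
           scope_match_count(truncated_req, sizeof truncated_req, "DEFAULT"));
    return 0;
}
```

The check worth carrying into any real fix is that both the field length and the list-walking loop are bounded by the same caller-supplied limit; the trailing 0x41 0x42 bytes in sample_req are never compared, and the truncated request is rejected before any string work starts.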
Created openslp tracking bugs for this issue Affects: fedora-all [bug 857245]
Created openslp tracking bugs for this issue Affects: epel-5 [bug 857247]
The CVE identifier of CVE-2012-4428 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/09/13/27
Upstream bug: http://sourceforge.net/tracker/?func=detail&aid=3065116&group_id=1730&atid=101730
Statement: Not vulnerable. This issue did not affect the versions of openslp as shipped with Red Hat Enterprise Linux 6.
Found two patches produced in the wild that appear to be functionally the same: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=CVE-2012-4428.patch;att=1;bug=687597 (referenced from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687597) and http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/net/openslp/patches/patch-CVE-2012-4428. I'm leaning toward using the Debian variant.
openslp-1.2.1-22.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
openslp-1.2.1-22.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.