var-201804-0505
Vulnerability from variot
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-12
https://security.gentoo.org/
Severity: Normal Title: OpenSLP: Multiple vulnerabilities Date: May 14, 2020 Bugs: #662878 ID: 202005-12
Synopsis
Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code.
Background
OpenSLP is an open-source implementation of Service Location Protocol (SLP).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openslp <= 2.0.0-r5 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Description
Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for OpenSLP. We recommend that users unmerge OpenSLP: # emerge --unmerge "net-libs/openslp"
NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued support at this time. It may be possible that a new Gentoo developer will update OpenSLP at a later date. No known alternatives to OpenSLP are in the tree at this time.
References
[ 1 ] CVE-2017-17833 https://nvd.nist.gov/vuln/detail/CVE-2017-17833 [ 2 ] CVE-2019-5544 https://nvd.nist.gov/vuln/detail/CVE-2019-5544
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3708-1 July 09, 2018
openslp-dfsg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
OpenSLP could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - openslp-dfsg: Service Location Protocol library
Details:
It was discovered that OpenSLP incorrectly handled certain memory operations.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.1
Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: openslp security update Advisory ID: RHSA-2018:2240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2240 Issue date: 2018-07-23 CVE Names: CVE-2017-17833 =====================================================================
- Summary:
An update for openslp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.
Security Fix(es):
- openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
ppc64: openslp-2.0.0-7.el7_5.ppc.rpm openslp-2.0.0-7.el7_5.ppc64.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-server-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
aarch64: openslp-2.0.0-7.el7_5.aarch64.rpm openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-server-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-devel-2.0.0-7.el7_5.ppc.rpm openslp-devel-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-devel-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-17833 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/cve/CVE-2017-17833
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY hW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx IXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs T6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu 5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO nouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT 743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm /Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr oxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca tehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8 XHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh GSs8CyxuJUo= =aDcY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.0.2"
},
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "flex system fc3171 8gb san switch",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "9.1.13.02.00"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "thinkserver rd650",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinksystem hr630x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm1",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.55"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd440",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd540",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "cmm",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.8.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver td340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "46.00"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "bm nextscale fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "24p-2.15"
},
{
"model": "thinkserver rs160",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm2",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.70"
},
{
"model": "thinkserver td350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "30r-1.13"
},
{
"model": "thinkserver sd350",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd350g",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "thinksystem hr650x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rq750",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinksystem sr630",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "storage n4610",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "storage n3310",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd640",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd450",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.0.20"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.1"
},
{
"model": "thinkserver ts460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver sr630",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rs160",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rq750",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd640",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd340",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr650x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr630x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd650",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd550",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd450",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rs160",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rq750",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinkserver rd650",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd640",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd540",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd450",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd440",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd350",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd340",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
}
],
"sources": [
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr630x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr630x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr650x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr650x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:flex_system_fc3171_8gb_san_switch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.13.02.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:flex_system_fc3171_8gb_san_switch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n3310_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n3310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n4610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n4610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:cmm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:bm_nextscale_fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "24p-2.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "30r-1.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.55",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd540_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rq750_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rq750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rs160_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rs160:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_sd350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_sd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "46.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_ts460_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_ts460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"cve": "CVE-2017-17833",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-108895",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17833",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108895",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. \nAn attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. \nOpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSLP: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #662878\n ID: 202005-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSLP, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenSLP is an open-source implementation of Service Location Protocol\n(SLP). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openslp \u003c= 2.0.0-r5 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSLP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for OpenSLP. We recommend that users\nunmerge OpenSLP:\n # emerge --unmerge \"net-libs/openslp\"\n\nNOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued\nsupport at this time. It may be possible that a new Gentoo developer\nwill update OpenSLP at a later date. No known alternatives to OpenSLP\nare in the tree at this time. \n\nReferences\n==========\n\n[ 1 ] CVE-2017-17833\n https://nvd.nist.gov/vuln/detail/CVE-2017-17833\n[ 2 ] CVE-2019-5544\n https://nvd.nist.gov/vuln/detail/CVE-2019-5544\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3708-1\nJuly 09, 2018\n\nopenslp-dfsg vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nOpenSLP could be made to crash or run programs if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- openslp-dfsg: Service Location Protocol library\n\nDetails:\n\nIt was discovered that OpenSLP incorrectly handled certain memory\noperations. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libslp1 1.2.1-11ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n libslp1 1.2.1-9ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openslp security update\nAdvisory ID: RHSA-2018:2240-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2240\nIssue date: 2018-07-23\nCVE Names: CVE-2017-17833 \n=====================================================================\n\n1. Summary:\n\nAn update for openslp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSLP is an open source implementation of the Service Location Protocol\n(SLP) which is an Internet Engineering Task Force (IETF) standards track\nprotocol and provides a framework to allow networking applications to\ndiscover the existence, location, and configuration of networked services\nin enterprise networks. \n\nSecurity Fix(es):\n\n* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of\nservice or potentially code execution (CVE-2017-17833)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nppc64:\nopenslp-2.0.0-7.el7_5.ppc.rpm\nopenslp-2.0.0-7.el7_5.ppc64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\naarch64:\nopenslp-2.0.0-7.el7_5.aarch64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-server-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-devel-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-17833\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/cve/CVE-2017-17833\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY\nhW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx\nIXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs\nT6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu\n5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO\nnouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT\n743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm\n/Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr\noxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca\ntehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8\nXHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh\nGSs8CyxuJUo=\n=aDcY\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17833",
"trust": 3.2
},
{
"db": "LENOVO",
"id": "LEN-18247",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "157725",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4580",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0570",
"trust": 0.6
},
{
"db": "BID",
"id": "104577",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "148646",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148456",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-108895",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"id": "VAR-201804-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
}
],
"trust": 0.775
},
"last_update_date": "2023-12-18T11:45:27.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1364-1] openslp-dfsg security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"title": "Lenovo fix for slpd crash during testing: bad pointer after realloc.",
"trust": 0.8,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"trust": 2.0,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2240"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2308"
},
{
"trust": 1.7,
"url": "http://support.lenovo.com/us/en/solutions/len-18247"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17833"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17833"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157725/gentoo-linux-security-advisory-202005-12.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10957097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4580/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10956531"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76030"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-17833"
},
{
"trust": 0.3,
"url": "http://www.openslp.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572166"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/len-18247"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5544"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-9ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3708-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T14:53:11",
"db": "PACKETSTORM",
"id": "157725"
},
{
"date": "2018-07-09T23:38:59",
"db": "PACKETSTORM",
"id": "148456"
},
{
"date": "2018-08-03T22:22:22",
"db": "PACKETSTORM",
"id": "148819"
},
{
"date": "2018-07-24T17:33:30",
"db": "PACKETSTORM",
"id": "148646"
},
{
"date": "2018-04-23T18:29:00.663000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T00:15:11.443000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2020-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.