CVE-2017-17833

Published: Apr 23, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Affected (44)

Products: Openslp: Openslp · Debian: Debian Linux · Canonical: Ubuntu Linux · +2 more

Show all products

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Lenovo

29 products

Thinkserver Rd350g Firmware

Thinkserver Rd350x Firmware

Thinkserver Rd450x Firmware

Thinksystem Hr630x Firmware

Thinksystem Hr650x Firmware

Thinksystem Sr630 Firmware

Flex System Fc3171 8gb San Switch Firmware

Storage N3310 Firmware

Storage N4610 Firmware

Bm Nextscale Fan Power Controller

Xclarity Administrator

Thinkserver Rd340 Firmware

Thinkserver Rd350 Firmware

Thinkserver Rd440 Firmware

Thinkserver Rd450 Firmware

Thinkserver Rd550 Firmware

Thinkserver Rd540 Firmware

Thinkserver Rd640 Firmware

Thinkserver Rd650 Firmware

Thinkserver Rq750 Firmware

Thinkserver Rs160 Firmware

Thinkserver Sd350 Firmware

Thinkserver Td340 Firmware

Thinkserver Td350 Firmware

Thinkserver Ts460 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openslp Openslp	Version 1.0.2
Openslp Openslp	Version 1.1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd350g Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkserver Rd350g	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd350x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkserver Rd350x	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd450x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkserver Rd450x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Hr630x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinksystem Hr630x	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Hr650x Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinksystem Hr650x	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Sr630 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinksystem Sr630	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Flex System Fc3171 8gb San Switch Firmware	Before 9.1.13.02.00

Running on/with	Platform Versions
Lenovo Flex System Fc3171 8gb San Switch	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storage N3310 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Storage N3310	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storage N4610 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Storage N4610	All versions

Configuration N

6 vulnerable

Vulnerable Software	Affected Versions
Lenovo Bm Nextscale Fan Power Controller	Before 24p-2.15
Lenovo Cmm	Before 1.8.0
Lenovo Fan Power Controller	Before 30r-1.13
Lenovo Imm1	Before 1.55
Lenovo Imm2	Before 4.70
Lenovo Xclarity Administrator	Before 1.4.0

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd340 Firmware	Before 50.00

Running on/with	Platform Versions
Lenovo Thinkserver Rd340	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd350 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Thinkserver Rd350	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd440 Firmware	Up to 50.00

Running on/with	Platform Versions
Lenovo Thinkserver Rd440	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd450 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Thinkserver Rd450	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd550 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Thinkserver Rd550	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd540 Firmware	Before 50.00

Running on/with	Platform Versions
Lenovo Thinkserver Rd540	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd640 Firmware	Before 50.00

Running on/with	Platform Versions
Lenovo Thinkserver Rd640	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rd650 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Thinkserver Rd650	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rq750 Firmware	Before 1.40

Running on/with	Platform Versions
Lenovo Thinkserver Rq750	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Rs160 Firmware	Before 2.32

Running on/with	Platform Versions
Lenovo Thinkserver Rs160	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Sd350 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkserver Sd350	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Td340 Firmware	Before 46.00

Running on/with	Platform Versions
Lenovo Thinkserver Td340	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Td350 Firmware	Before 4.53.351

Running on/with	Platform Versions
Lenovo Thinkserver Td350	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkserver Ts460 Firmware	Before 2.32

Running on/with	Platform Versions
Lenovo Thinkserver Ts460	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://support.lenovo.com/us/en/solutions/LEN-18247

Source: cve@mitre.org

PatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2240

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2308

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

https://security.gentoo.org/glsa/202005-12

Source: cve@mitre.org

https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/

Source: cve@mitre.org

PatchThird Party Advisory

https://usn.ubuntu.com/3708-1/

Source: cve@mitre.org

Third Party Advisory

http://support.lenovo.com/us/en/solutions/LEN-18247