CVE-2023-29552

Published: 25 Apr. 2023
Source: redhat
CVSS3: 7.5
EPSS: Critical

Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

The Service Location Protocol (SLP) is vulnerable to an attack through UDP

OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial-of-service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a denial of service on the spoofed address.

To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427.

Statement

The OpenSLP protocol specification makes it prone to UDP amplification attacks, and exposed OpenSLP servers can be abused to contribute to Distributed Denial of Service attacks. Due to the protocol implementation, this issue can't be directly fixed. This issue affects the Server component of the openslp package, which is only shipped on Red Hat Enterprise Linux 7 and 9. RHEL 8 only ships the Client component, which is not affected by this CVE. The OpenSLP server is not installed and active on any standard RHEL deployments. If you are using the OpenSLP server, Red Hat recommends doing so in a secure and controlled network environment.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openslp | Out of support scope | | |
| Red Hat Enterprise Linux 7 | openslp | Will not fix | | |
| Red Hat Enterprise Linux 8 | openslp | Not affected | | |
| Red Hat Enterprise Linux 9 | openslp | Will not fix | | |

Additional information

Status: Important
Weakness: CWE-406
https://bugzilla.redhat.com/show_bug.cgi?id=2183534 openslp: Reflective denial of service amplification attack via UDP

EPSS: 0.9345 (Critical)
Percentile: 100%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVSS3: 7.5
nvd
more than 2 years ago

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVSS3: 7.5
github
more than 2 years ago

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVSS3: 8.6
fstec
more than 2 years ago

A vulnerability in the implementation of the Service Location Protocol (SLP), related to insufficient control of the volume of transmitted network messages, allows a remote attacker to cause a denial of service by registering arbitrary services to generate spoofed UDP traffic.
