Exploit for VMware ESXi OpenSLP heap overflow

## https://sploitus.com/exploit?id=SAINT:0E6E0EC6C629BC0896A59D009066A35A
Added: 02/10/2023  


### Background

[VMware ESXi](<https://www.vmware.com/products/esxi-and-esx.html>) is a bare metal hypervisor. 

### Problem

A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. 

### Resolution

Upgrade to a fixed version referenced in [VMSA-2021-0002](<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>) or [disable the SLP service](<https://kb.vmware.com/s/article/76372>). 

### References

<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>  
<https://www.zerodayinitiative.com/advisories/ZDI-21-250/>  


### Limitations

Exploit works on ESXi 6.7.0 builds 14320388 and 16316930. 

### Platforms

ESX