Vulnerabilities > CVE-2004-0989 - Remote Stack Buffer Overflow vulnerability in Libxml2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 | |
| Application | 1 | |
| OS | 1 | |
| OS | 2 | |
| OS | 2 |
Exploit-Db
| description | Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilities. CVE-2004-0989. Remote exploit for linux platform |
| id | EDB-ID:24704 |
| last seen | 2016-02-02 |
| modified | 2004-10-26 |
| published | 2004-10-26 |
| reporter | Sean |
| source | https://www.exploit-db.com/download/24704/ |
| title | Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-615.NASL description An updated libxml2 package that fixes multiple buffer overflows is now available. libxml2 is a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml2, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15702 published 2004-11-13 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15702 title RHEL 2.1 / 3 : libxml2 (RHSA-2004:615) NASL family FreeBSD Local Security Checks NASL id FREEBSD_LIBXML_1817_3.NASL description The following package needs to be updated: libxml2 last seen 2016-09-26 modified 2011-10-03 plugin id 15805 published 2004-11-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=15805 title FreeBSD : libxml -- remote buffer overflows (98) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-582.NASL description 'infamous41md last seen 2020-06-01 modified 2020-06-02 plugin id 15680 published 2004-11-10 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15680 title Debian DSA-582-1 : libxml - buffer overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-89-1.NASL description Several buffer overflows have been discovered in libxml last seen 2020-06-01 modified 2020-06-02 plugin id 20714 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20714 title Ubuntu 4.10 : libxml vulnerabilities (USN-89-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2004-650.NASL description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21794 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21794 title CentOS 3 : libxml (CESA-2004:650) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-001.NASL description he remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 16251 published 2005-01-26 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16251 title Mac OS X Multiple Vulnerabilities (Security Update 2005-001) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-650.NASL description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15991 published 2004-12-17 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15991 title RHEL 2.1 / 3 : libxml (RHSA-2004:650) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-05.NASL description The remote host is affected by the vulnerability described in GLSA-200411-05 (libxml2: Remotely exploitable buffer overflow) Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and resolving names via DNS. Impact : An attacker could exploit an application that uses libxml2 by forcing it to parse a specially crafted XML file, potentially causing remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15610 published 2004-11-03 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15610 title GLSA-200411-05 : libxml2: Remotely exploitable buffer overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9FF4C91E328C11D9A9E70001020EED82.NASL description infamous41md reports that libxml contains multiple buffer overflows in the URL parsing and DNS name resolving functions. These vulnerabilities could lead to execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 38061 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38061 title FreeBSD : libxml -- remote buffer overflows (9ff4c91e-328c-11d9-a9e7-0001020eed82) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-127.NASL description Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15638 published 2004-11-05 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15638 title Mandrake Linux Security Advisory : libxml/libxml2 (MDKSA-2004:127) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8582.NASL description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40603 published 2009-08-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40603 title Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8594.NASL description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40604 published 2009-08-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40604 title Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594) NASL family SuSE Local Security Checks NASL id SUSE9_9579.NASL description This update adds missing patches for a buffer overflow in URL parsing code (CVE-2004-0989) and a buffer overflow while handling DNS responses. (CVE-2004-0110) These bugs can be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 41341 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41341 title SuSE9 Security Update : libxml (YOU Patch Number 9579)
Oval
accepted 2013-04-29T04:06:14.394-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. family unix id oval:org.mitre.oval:def:10505 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. version 27 accepted 2005-08-18T07:37:00.000-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux description Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. family unix id oval:org.mitre.oval:def:1173 status accepted submitted 2005-06-27T12:00:00.000-04:00 title Multiple Buffer Overflows in libXML2 version 4
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
- http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
- http://marc.info/?l=bugtraq&m=109880813013482&w=2
- http://secunia.com/advisories/13000
- http://securitytracker.com/id?1011941
- http://www.ciac.org/ciac/bulletins/p-029.shtml
- http://www.debian.org/security/2004/dsa-582
- http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.osvdb.org/11179
- http://www.osvdb.org/11180
- http://www.osvdb.org/11324
- http://www.redhat.com/support/errata/RHSA-2004-615.html
- http://www.redhat.com/support/errata/RHSA-2004-650.html
- http://www.securityfocus.com/bid/11526
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
- https://www.ubuntu.com/usn/usn-89-1/