Vulnerabilities > CVE-2008-2935 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xmlsoft Libxslt
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | libxslt 1.1.x RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability. CVE-2008-2935. Remote exploit for linux platform |
id | EDB-ID:32133 |
last seen | 2016-02-03 |
modified | 2008-07-31 |
published | 2008-07-31 |
reporter | Chris Evans |
source | https://www.exploit-db.com/download/32133/ |
title | libxslt 1.1.x - RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0649.NASL description Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 43704 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43704 title CentOS 4 / 5 : libxslt (CESA-2008:0649) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0649 and # CentOS Errata and Security Advisory 2008:0649 respectively. # include("compat.inc"); if (description) { script_id(43704); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-2935"); script_bugtraq_id(30467); script_xref(name:"RHSA", value:"2008:0649"); script_name(english:"CentOS 4 / 5 : libxslt (CESA-2008:0649)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue." ); # https://lists.centos.org/pipermail/centos-announce/2008-July/015176.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac975a3d" ); # https://lists.centos.org/pipermail/centos-announce/2008-July/015177.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0a45cdd1" ); # https://lists.centos.org/pipermail/centos-announce/2008-July/015178.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3a1f7086" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxslt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxslt-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/01"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"libxslt-1.1.11-1.c4.2")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"libxslt-devel-1.1.11-1.c4.2")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"libxslt-python-1.1.11-1.c4.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"libxslt-1.1.17-2.el5_2.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"libxslt-devel-1.1.17-2.el5_2.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"libxslt-python-1.1.17-2.el5_2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt / libxslt-devel / libxslt-python"); }
NASL family SuSE Local Security Checks NASL id SUSE_LIBXSLT-5458.NASL description A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code. (CVE-2008-2935) last seen 2020-06-01 modified 2020-06-02 plugin id 34077 published 2008-09-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34077 title openSUSE 10 Security Update : libxslt (libxslt-5458) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libxslt-5458. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(34077); script_version ("1.9"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-2935"); script_name(english:"openSUSE 10 Security Update : libxslt (libxslt-5458)"); script_summary(english:"Check for the libxslt-5458 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code. (CVE-2008-2935)" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"libxslt-1.1.17-27") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"libxslt-devel-1.1.17-27") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"libxslt-32bit-1.1.17-27") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.17-27") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"libxslt-1.1.20-41.4") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"libxslt-devel-1.1.20-41.4") ) flag++; if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"libxslt-32bit-1.1.20-41.4") ) flag++; if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.20-41.4") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2008-7029.NASL description fix for CVE-2008-2935 problem in exslt rc4 crypto extensions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33843 published 2008-08-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33843 title Fedora 8 : libxslt-1.1.24-2.fc8 (2008-7029) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-7029. # include("compat.inc"); if (description) { script_id(33843); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2935"); script_bugtraq_id(30467); script_xref(name:"FEDORA", value:"2008-7029"); script_name(english:"Fedora 8 : libxslt-1.1.24-2.fc8 (2008-7029)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "fix for CVE-2008-2935 problem in exslt rc4 crypto extensions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=455848" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-August/013341.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e94e4810" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libxslt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"libxslt-1.1.24-2.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20080731_LIBXSLT_ON_SL4_X.NASL description A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) last seen 2020-06-01 modified 2020-06-02 plugin id 60457 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60457 title Scientific Linux Security Update : libxslt on SL4.x, SL5.x i386/x86_64 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-633-1.NASL description It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce. (CVE-2008-1767) Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33808 published 2008-08-04 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33808 title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxslt vulnerabilities (USN-633-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1624.NASL description Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 33773 published 2008-08-01 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33773 title Debian DSA-1624-1 : libxslt - buffer overflows NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0649.NASL description Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 33784 published 2008-08-01 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33784 title RHEL 4 / 5 : libxslt (RHSA-2008:0649) NASL family SuSE Local Security Checks NASL id SUSE_LIBXSLT-5457.NASL description A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code. (CVE-2008-2935) last seen 2020-06-01 modified 2020-06-02 plugin id 34076 published 2008-09-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34076 title SuSE 10 Security Update : libxslt (ZYPP Patch Number 5457) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBXSLT-080720.NASL description A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code. (CVE-2008-2935) last seen 2020-06-01 modified 2020-06-02 plugin id 40059 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40059 title openSUSE Security Update : libxslt (libxslt-110) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0649.NASL description From Red Hat Security Advisory 2008:0649 : Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67734 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67734 title Oracle Linux 4 / 5 : libxslt (ELSA-2008-0649) NASL family Fedora Local Security Checks NASL id FEDORA_2008-7062.NASL description fix for CVE-2008-2935 problem in exslt rc4 crypto extensions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33845 published 2008-08-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33845 title Fedora 9 : libxslt-1.1.24-2.fc9 (2008-7062) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200808-06.NASL description The remote host is affected by the vulnerability described in GLSA-200808-06 (libxslt: Execution of arbitrary code) Chris Evans (Google Security) reported that the libexslt library that is part of libxslt is affected by a heap-based buffer overflow in the RC4 encryption/decryption functions. Impact : A remote attacker could entice a user to process an XML file using a specially crafted XSLT stylesheet in an application linked against libxslt, possibly leading to the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 33836 published 2008-08-07 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33836 title GLSA-200808-06 : libxslt: Execution of arbitrary code NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-160.NASL description Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibly execute arbitrary code with the privileges of the application in question (CVE-2008-2935). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36753 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36753 title Mandriva Linux Security Advisory : libxslt (MDVSA-2008:160)
Oval
accepted | 2013-04-29T04:09:07.307-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10827 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
title | Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." | ||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 30467 CVE(CAN) ID: CVE-2008-2935 Libxslt是为GNOME项目开发的XSLT C库,XSLT本身是用于定义XML转换的XML语言。 Libxslt库的crypto.c文件中crypto:rc4_encrypt函数错误的信任了密钥字符串的长度: static void exsltCryptoRc4EncryptFunction (xmlXPathParserContextPtr ctxt, int nargs) { ... key = xmlXPathPopString (ctxt); key_len = xmlUTF8Strlen (str); ... padkey = xmlMallocAtomic (RC4_KEY_LENGTH); key_size = xmlUTF8Strsize (key, key_len); memcpy (padkey, key, key_size); memset (padkey + key_size, '\0', sizeof (padkey)); ... padkey堆分配是固定的128位(RC4_KEY_LENGTH),但却从XSL函数参数拷贝了任意长度的字符串,带有超长输入的XML文件就可以触发堆溢出,导致执行任意指令。 XMLSoft libxslt 1.1.24 Debian ------ Debian已经为此发布了一个安全公告(DSA-1624-1)以及相应补丁: DSA-1624-1:New libxslt packages fix arbitrary code execution 链接:<a href=http://www.debian.org/security/2008/dsa-1624 target=_blank>http://www.debian.org/security/2008/dsa-1624</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz</a> Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.diff.gz</a> Size/MD5 checksum: 149686 b62a7dd0aa648576a266cd20d634c216 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.dsc</a> Size/MD5 checksum: 849 7d98fdda0079574b360d4a6e2a12e2be alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 107264 4aac707640a9fcf9aabcd42336b38be3 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 365058 0e966c67dfbc374141960789fcbe96ab <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 690408 a431dcc2f32428677e7b737b971e0f9e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 230788 55d88a4f39eeccf4a21cd2b335c35ae5 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_alpha.deb</a> Size/MD5 checksum: 131312 ce983f9b6de55027f803e39d1dda2a25 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 362484 c91d2d5458f6de4002b4401f5675b742 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 225658 6d4a52da7c2ca5a4280b06bdf03875e0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 630884 06616b7e52d2fc80530302c7d3acd540 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 106562 7782d3653528b848ce1d98455f790196 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_amd64.deb</a> Size/MD5 checksum: 131782 8e9ed3c7418725e1853ae5ccbd082c9b arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_arm.deb</a> Size/MD5 checksum: 106452 9ef81b83e04979147310ec62d2682550 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_arm.deb</a> Size/MD5 checksum: 346610 29566f2276ff440e778dac5fb667f346 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_arm.deb</a> Size/MD5 checksum: 613436 a9a4ebc76beb7ca67f9a7e92e8029ca7 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_arm.deb</a> Size/MD5 checksum: 213438 2c16e6911e26b8fb360aabd16281c0f6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_arm.deb</a> Size/MD5 checksum: 126468 b97c69ae48a06fd09a41fadc7c00366c hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 659318 c0f64453ca8cb8dbe9f3970cf157b3ab <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 238420 a7c8f14314bdb82fc51ec1578f4efad3 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 107274 3fc49ac897c34e339b3f496700bdfd5e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 132222 3f4dc4e5f1162e819bc534c610fad3dc <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_hppa.deb</a> Size/MD5 checksum: 360748 a8c4ae1c8f2e8c348c852a0931f762c5 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_i386.deb</a> Size/MD5 checksum: 105974 ea524e8b733c0aa52b797692ee2619b6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_i386.deb</a> Size/MD5 checksum: 216014 27edcf6172b7d9b5b304bf2265ce6e48 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_i386.deb</a> Size/MD5 checksum: 128718 3bb1df547e3b5312a382bda417a23bc6 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_i386.deb</a> Size/MD5 checksum: 352132 a7707c2b2a1014f61b79383d639c734f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_i386.deb</a> Size/MD5 checksum: 589190 ea9dbf9647d07f026c6b1fd40c0a2546 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 364096 277f76958053137cd94f84d3543bfd75 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 110406 2636a094ea4494abb2d972c6a7911689 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 688406 f8a2642f68f1afb6c2fe980acaef4db5 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 135214 69e26e4d34a753112f8b4101f7c39812 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_ia64.deb</a> Size/MD5 checksum: 286960 5e0ade1cf276e946cfd1a7f12160c7a0 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mips.deb</a> Size/MD5 checksum: 650964 68b73cf1d94f9e3df9bb5673270a3e4d <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mips.deb</a> Size/MD5 checksum: 128984 334fcd884357833ef1ba40e9753d856b <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mips.deb</a> Size/MD5 checksum: 106670 d93d383465f3c7943c82dcd65d1ac560 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mips.deb</a> Size/MD5 checksum: 213704 9f9fce502a07f2466b39ff4bf7ef58b0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mips.deb</a> Size/MD5 checksum: 374008 12305da936211d86b13a7c98090391cb mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 625304 53e74fce7300247478e318878b06a863 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 365834 48789b75049ec966939982fafa7fa83e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 106716 d99ec4062b95d872f66a4a68cbd4bb60 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 128606 3ec247d95450b7091ffef7df0adad247 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mipsel.deb</a> Size/MD5 checksum: 213946 5ebc6eb3e75d70a0c093b2e9d65884d7 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 223150 195bcb8c18c3024d4dbf15ad06d3d96c <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 108146 332071c2aabb087b7ee3e6a12e6d2633 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 130170 1f2348ff3cb769eb72bb5a941afc1124 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 612084 76ca146446c6470fab227e5cf4b91445 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_powerpc.deb</a> Size/MD5 checksum: 367182 ec6a577956bedc887267bc6185abcedd s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_s390.deb</a> Size/MD5 checksum: 601870 11a81ef5cf32bb11102b43b62c1d1371 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_s390.deb</a> Size/MD5 checksum: 106834 f3ed9fc6410f2f78de38348736116eee <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_s390.deb</a> Size/MD5 checksum: 131760 1d7705741271ea0227cdf15eae46f846 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_s390.deb</a> Size/MD5 checksum: 226842 7700a4e49d319d5726074de70ff9a68f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_s390.deb</a> Size/MD5 checksum: 359430 f11c56a8baaa1bd61ef074324aea9068 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 599292 568ee2c44a15e4d5b1d27abb5f3f80ad <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 218166 953db53eba1934c6279875e4ff8b6834 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 106372 c9eae6bbdde15ada4613922ab216c6ed <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 129172 8a97bb6cd74fe353383be290ea14298b <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_sparc.deb</a> Size/MD5 checksum: 337986 2f869f832a7ecdcb7a6ae50b12d0e916 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0649-01)以及相应补丁: RHSA-2008:0649-01:Moderate: libxslt security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0649.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0649.html</a> XMLSoft ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.ocert.org/patches/exslt_crypt.patch target=_blank>http://www.ocert.org/patches/exslt_crypt.patch</a> |
id | SSV:3757 |
last seen | 2017-11-19 |
modified | 2008-08-03 |
published | 2008-08-03 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-3757 |
title | libxslt RC4加密/解密函数堆溢出漏洞 |
References
- http://secunia.com/advisories/31230
- http://secunia.com/advisories/31310
- http://secunia.com/advisories/31331
- http://secunia.com/advisories/31363
- http://secunia.com/advisories/31395
- http://secunia.com/advisories/31399
- http://secunia.com/advisories/32453
- http://security.gentoo.org/glsa/glsa-200808-06.xml
- http://securityreason.com/securityalert/4078
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306
- http://www.debian.org/security/2008/dsa-1624
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:160
- http://www.ocert.org/advisories/ocert-2008-009.html
- http://www.ocert.org/patches/exslt_crypt.patch
- http://www.redhat.com/support/errata/RHSA-2008-0649.html
- http://www.scary.beasts.org/security/CESA-2008-003.html
- http://www.securityfocus.com/archive/1/494976/100/0/threaded
- http://www.securityfocus.com/archive/1/495018/100/0/threaded
- http://www.securityfocus.com/archive/1/497829/100/0/threaded
- http://www.securityfocus.com/bid/30467
- http://www.securitytracker.com/id?1020596
- http://www.ubuntu.com/usn/usn-633-1
- http://www.vupen.com/english/advisories/2008/2266/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44141
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html