CVE-2008-3529 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC. CVE-2008-3529. Dos exploit for windows platform |
file | exploits/windows/dos/8798.rb |
id | EDB-ID:8798 |
last seen | 2016-02-01 |
modified | 2009-05-26 |
platform | windows |
port | |
published | 2009-05-26 |
reporter | Kevin Finisterre |
source | https://www.exploit-db.com/download/8798/ |
title | Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC |
type | dos |
Nessus
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_126357-06.NASL |
description | Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107950 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107950 |
title | Solaris 10 (x86) : 126357-06 |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");

    if (description)
    {
      script_id(107950);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:27");

      script_cve_id("CVE-2008-2945", "CVE-2008-3529", "CVE-2008-4225", "CVE-2008-4226", "CVE-2009-0169", "CVE-2009-0170", "CVE-2009-0348", "CVE-2009-2268", "CVE-2009-2712", "CVE-2009-2713", "CVE-2011-0844", "CVE-2011-0847", "CVE-2011-3506");

      script_name(english:"Solaris 10 (x86) : 126357-06");
      script_summary(english:"Check for patch 126357-06");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote host is missing Sun Security Patch number 126357-06"
      );
      script_set_attribute(
        attribute:"description",
        value:"Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/126357-06"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 126357-06");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 79, 119, 189, 200, 255, 264, 399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:126357");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");

    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamclnt", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamcon", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamconsdk", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamdistauth", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamext", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamfcd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWampwd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamrsa", version:"7.1,REV=06.06.28.17.03") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsam", version:"7.1,REV=06.11.20.12.26") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsci", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdk", version:"7.1,REV=07.01.18.06.04") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdkconfig", version:"7.1,REV=06.12.15.12.35") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsfodb", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvc", version:"7.1,REV=06.12.19.15.12") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvcconfig", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamutl", version:"7.1,REV=07.01.18.05.38") < 0) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_HOLE,
        extra    : solaris_get_report()
      );
    }
    else
    {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWamclnt / SUNWamcon / SUNWamconsdk / SUNWamdistauth / SUNWamext / etc");
    }

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS7_123919.NASL |
description | Sun Management Center 3.6.1: Patch for Solaris 7. Date this patch was last updated by Sun : Dec/01/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23690 |
published | 2006-11-20 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23690 |
title | Solaris 7 (sparc) : 123919-12 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_LIBXML2-5586.NASL |
description | Specially crafted xml files could cause a crash or a heap based buffer overflow in libxml2 (CVE-2008-3281, CVE-2008-3529). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34208 |
published | 2008-09-15 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34208 |
title | openSUSE 10 Security Update : libxml2 (libxml2-5586) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_120954.NASL |
description | AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120954 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 36756 |
published | 2009-04-23 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=36756 |
title | Solaris 10 (sparc) : 120954-12 (deprecated) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_126357.NASL |
description | Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09 |
last seen | 2016-09-26 |
modified | 2011-09-18 |
plugin id | 30014 |
published | 2008-01-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30014 |
title | Solaris 5.9 (x86) : 126357-03 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_120955-12.NASL |
description | AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107871 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107871 |
title | Solaris 10 (x86) : 120955-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_120954.NASL |
description | AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37533 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37533 |
title | Solaris 9 (sparc) : 120954-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_127681.NASL |
description | Sun Management Center 4.0: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67167 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67167 |
title | Solaris 9 (sparc) : 127681-07 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_114014.NASL |
description | SunOS 5.9: libxml, libxslt and Freeware ma. Date this patch was last updated by Sun : May/26/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13546 |
published | 2004-07-12 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13546 |
title | Solaris 9 (sparc) : 114014-28 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_123923.NASL |
description | Sun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123923 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 37632 |
published | 2009-04-23 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=37632 |
title | Solaris 10 (sparc) : 123923-12 (deprecated) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125731.NASL |
description | SunOS 5.10: XML and XSLT libraries patch. Date this patch was last updated by Sun : Oct/17/16 This plugin has been deprecated and either replaced with individual 125731 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 30167 |
published | 2008-02-05 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30167 |
title | Solaris 10 (sparc) : 125731-13 (deprecated) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_125732-15.NASL |
description | SunOS 5.10_x86: XML and XSLT libraries patch. Date this patch was last updated by Sun : Jul/15/19 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 126727 |
published | 2019-07-16 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126727 |
title | Solaris 10 (x86) : 125732-15 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_LIBXML2-080905.NASL |
description | Specially crafted xml files could cause a crash or a heap based buffer overflow in libxml2 (CVE-2008-3281, CVE-2008-3529). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40056 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40056 |
title | openSUSE Security Update : libxml2 (libxml2-184) |

NASL family | VMware ESX Local Security Checks |
NASL id | VMWARE_VMSA-2008-0017.NASL |
description | a. Updated ESX Service Console package libxml2 A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3281 to this issue. Additionally the following was also fixed, but was missing in the security advisory. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3529 to this issue. b. Updated ESX Service Console package ucd-snmp A flaw was found in the way ucd-snmp checks an SNMPv3 packet |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40384 |
published | 2009-07-27 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40384 |
title | VMSA-2008-0017 : Updated ESX packages for libxml2, ucd-snmp, libtiff |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125731-15.NASL |
description | SunOS 5.10: XML and XSLT libraries patch. Date this patch was last updated by Sun : Jul/15/19 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 126717 |
published | 2019-07-16 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126717 |
title | Solaris 10 (sparc) : 125731-15 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_114015.NASL |
description | SunOS 5.9_x86: libxml, libxslt and Freewar. Date this patch was last updated by Sun : May/26/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13587 |
published | 2004-07-12 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13587 |
title | Solaris 9 (x86) : 114015-28 |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20080911_LIBXML2_ON_SL3_X.NASL |
description | A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60473 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60473 |
title | Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125731-11.NASL |
description | SunOS 5.10: XML and XSLT libraries patch. Date this patch was last updated by Sun : Oct/14/13 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107441 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107441 |
title | Solaris 10 (sparc) : 125731-11 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_127682.NASL |
description | Sun Management Center 4.0: Patch for Solaris 9_x86. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67170 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67170 |
title | Solaris 9 (x86) : 127682-07 |

NASL family | Windows |
NASL id | SAFARI_4.0.NASL |
description | The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39339 |
published | 2009-06-09 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39339 |
title | Safari < 4.0 Multiple Vulnerabilities |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200812-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200812-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the execution of arbitrary code or a high CPU and memory consumption. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35023 |
published | 2008-12-03 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35023 |
title | GLSA-200812-06 : libxml2: Multiple vulnerabilities |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_120954-12.NASL |
description | AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107369 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107369 |
title | Solaris 10 (sparc) : 120954-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_125732-13.NASL |
description | SunOS 5.10_x86: XML and XSLT libraries pat. Date this patch was last updated by Sun : Oct/17/16 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107943 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107943 |
title | Solaris 10 (x86) : 125732-13 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_126356-06.NASL |
description | Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Apr/23/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107450 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107450 |
title | Solaris 10 (sparc) : 126356-06 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_126356.NASL |
description | Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 |
last seen | 2016-09-26 |
modified | 2011-09-18 |
plugin id | 44085 |
published | 2010-01-20 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=44085 |
title | Solaris 5.9 (x86) : 126356-03 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125731-13.NASL |
description | SunOS 5.10: XML and XSLT libraries patch. Date this patch was last updated by Sun : Oct/17/16 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107443 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107443 |
title | Solaris 10 (sparc) : 125731-13 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_123922.NASL |
description | Sun Management Center 3.6.1_x86: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67169 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67169 |
title | Solaris 9 (x86) : 123922-11 |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2008-0884.NASL |
description | Updated libxml2 packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34170 |
published | 2008-09-12 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34170 |
title | CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0884) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_126356.NASL |
description | Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 |
last seen | 2018-09-01 |
modified | 2018-08-22 |
plugin id | 30007 |
published | 2008-01-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30007 |
title | Solaris 5.10 (sparc) : 126356-03 |

NASL family | OracleVM Local Security Checks |
NASL id | ORACLEVM_OVMSA-2009-0018.NASL |
description | The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79462 |
published | 2014-11-26 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79462 |
title | OracleVM 2.1 : libxml2 (OVMSA-2009-0018) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_119467.NASL |
description | IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 This plugin has been deprecated and either replaced with individual 119467 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 25389 |
published | 2007-06-04 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=25389 |
title | Solaris 10 (x86) : 119467-17 (deprecated) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_127680.NASL |
description | Sun Management Center 4.0: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67163 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67163 |
title | Solaris 8 (sparc) : 127680-07 |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-644-1.NASL |
description | It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529) USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem. (CVE-2008-3281). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37936 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37936 |
title | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxml2 vulnerabilities (USN-644-1) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_125732-11.NASL |
description | SunOS 5.10_x86: XML and XSLT libraries pat. Date this patch was last updated by Sun : Oct/14/13 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107941 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107941 |
title | Solaris 10 (x86) : 125732-11 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0886.NASL |
description | Updated libxml2 packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) A denial of service flaw was found in the way libxml2 processed certain content. If an application linked against libxml2 processed malformed XML content, it could cause the application to use an excessive amount of CPU time and memory, and stop responding. (CVE-2003-1564) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34191 |
published | 2008-09-12 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34191 |
title | RHEL 2.1 : libxml2 (RHSA-2008:0886) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_120955.NASL |
description | AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38005 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38005 |
title | Solaris 9 (x86) : 120955-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_125732-12.NASL |
description | SunOS 5.10_x86: XML and XSLT libraries patch. Date this patch was last updated by Sun : Jun/11/15 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107942 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107942 |
title | Solaris 10 (x86) : 125732-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_120954.NASL |
description | AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37271 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37271 |
title | Solaris 8 (sparc) : 120954-12 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125731-12.NASL |
description | SunOS 5.10: XML and XSLT libraries patch. Date this patch was last updated by Sun : Jun/11/15 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107442 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107442 |
title | Solaris 10 (sparc) : 125731-12 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0884.NASL |
description | Updated libxml2 packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34190 |
published | 2008-09-12 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34190 |
title | RHEL 3 / 4 / 5 : libxml2 (RHSA-2008:0884) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_126357.NASL |
description | Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09 |
last seen | 2018-09-01 |
modified | 2018-08-22 |
plugin id | 30010 |
published | 2008-01-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30010 |
title | Solaris 5.10 (x86) : 126357-03 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_126356.NASL |
description | Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 |
last seen | 2016-09-26 |
modified | 2011-09-18 |
plugin id | 30011 |
published | 2008-01-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30011 |
title | Solaris 5.8 (sparc) : 126356-03 |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_5_7.NASL |
description | The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38744 |
published | 2009-05-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38744 |
title | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_123924-11.NASL |
description | Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107898 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107898 |
title | Solaris 10 (x86) : 123924-11 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_123921.NASL |
description | Sun Management Center 3.6.1: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36354 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source https://www.tenable.com/plugins/nessus/36354 title Solaris 9 (sparc) : 123921-12 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D71DA2369A9411DD8F42001C2514716C.NASL description Secunia reports : Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A recursion error exists when processing certain XML content. This can be exploited to e.g. exhaust all available memory and CPU resources by tricking an application using Libxml2 into processing specially crafted XML documents. 2) A boundary error in the processing of long XML entity names in parser.c can be exploited to cause a heap-based buffer overflow when specially crafted XML content is parsed. Successful exploitation may allow execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 34416 published 2008-10-15 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34416 title FreeBSD : libxml2 -- two vulnerabilities (d71da236-9a94-11dd-8f42-001c2514716c) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_123924.NASL description Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123924 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 67153 published 2013-07-03 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=67153 title Solaris 10 (x86) : 123924-11 (deprecated) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-815-1.NASL description It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. 
If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40576 published 2009-08-12 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40576 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-5583.NASL description Specially crafted xml files could cause a crash or a heap based buffer overlow in libxml2. (CVE-2008-3281 / CVE-2008-3529) last seen 2020-06-01 modified 2020-06-02 plugin id 34207 published 2008-09-15 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/34207 title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5583) NASL family SuSE Local Security Checks NASL id SUSE9_12237.NASL description Specially crafted XML files could cause a crash or a heap-based buffer overflow in libxml2. (CVE-2008-3281, CVE-2008-3529) last seen 2020-06-01 modified 2020-06-02 plugin id 41240 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41240 title SuSE9 Security Update : libxml2 (YOU Patch Number 12237) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-192.NASL description A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-3529). The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 38013 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38013 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:192) NASL family Windows NASL id SAFARI_3_2_3.NASL description The version of Safari installed on the remote Windows host is earlier than 3.2.3. Such versions are potentially affected by several issues : - A heap-based buffer overflow issue in the libxml library when handling long entity names could lead to a crash or arbitrary code execution. 
(CVE-2008-3529) - Multiple input validation issues exist in Safari last seen 2020-06-01 modified 2020-06-02 plugin id 38745 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38745 title Safari < 3.2.3 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0884.NASL description From Red Hat Security Advisory 2008:0884 : Updated libxml2 packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67746 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67746 title Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0884) NASL family Solaris Local Security Checks NASL id SOLARIS9_126356.NASL description Sun Java System Access Manager 7.1 Solaris. 
Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30013 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30013 title Solaris 5.9 (sparc) : 126356-03 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120955.NASL description AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120955 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 38126 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=38126 title Solaris 10 (x86) : 120955-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_119467.NASL description IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 last seen 2020-06-01 modified 2020-06-02 plugin id 23612 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23612 title Solaris 9 (x86) : 119467-17 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125732.NASL description SunOS 5.10_x86: XML and XSLT libraries pat. Date this patch was last updated by Sun : Oct/17/16 This plugin has been deprecated and either replaced with individual 125732 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 30173 published 2008-02-05 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30173 title Solaris 10 (x86) : 125732-13 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_126357.NASL description Sun Java System Access Manager 7.1 Solaris_x86. 
Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30012 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30012 title Solaris 5.8 (x86) : 126357-03 NASL family Solaris Local Security Checks NASL id SOLARIS10_123923-12.NASL description Sun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 107395 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107395 title Solaris 10 (sparc) : 123923-12 NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39338 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39338 title Mac OS X : Apple Safari < 4.0 NASL family Solaris Local Security Checks NASL id SOLARIS8_123920.NASL description Sun Management Center 3.6.1: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 37363 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37363 title Solaris 8 (sparc) : 123920-12 NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-002.NASL description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. 
This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38743 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38743 title Mac OS X Multiple Vulnerabilities (Security Update 2009-002) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1654.NASL description It was discovered that libxml2, the GNOME XML library, didn last seen 2020-06-01 modified 2020-06-02 plugin id 34415 published 2008-10-15 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34415 title Debian DSA-1654-1 : libxml2 - buffer overflow
Oval
accepted 2013-04-29T04:15:39.568-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. family unix id oval:org.mitre.oval:def:11760 status accepted submitted 2010-07-09T03:56:16-04:00 title Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. version 27
accepted 2010-05-17T04:00:11.155-04:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard name J. Daniel Brown organization DTCC
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMWare ESX Server 3.0.2 is installed oval oval:org.mitre.oval:def:5613 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887
description Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. family unix id oval:org.mitre.oval:def:6103 status accepted submitted 2009-09-23T15:39:02.000-04:00 title Libxml2 Heap Overflow in xmlParseAttValueComplex() Lets Remote Users Execute Arbitrary Code version 5
Packetstorm
data source https://packetstormsecurity.com/files/download/78575/NETRAGARD-20090622.txt id PACKETSTORM:78575 last seen 2016-12-05 published 2009-06-23 reporter Adriel T. Desautels source https://packetstormsecurity.com/files/78575/Netragard-Security-Advisory-2009-06-22.html title Netragard Security Advisory 2009-06-22
data source https://packetstormsecurity.com/files/download/77817/safarilibxml-overflow.txt id PACKETSTORM:77817 last seen 2016-12-05 published 2009-05-27 reporter Kevin Finisterre source https://packetstormsecurity.com/files/77817/Safari-RSS-feed-Buffer-Overflow.html title Safari RSS feed:// Buffer Overflow
Seebug
bulletinFamily exploit description BUGTRAQ ID: 31126 CVE(CAN) ID: CVE-2008-3529 The libxml package provides a library that allows users to manipulate XML files, including support for reading, modifying, and writing XML and HTML files. A heap overflow vulnerability exists in the xmlParseAttValueComplex function in the parser.c file of the libxml2 library. If a user is tricked into opening an XML file that contains an overly long entity name, the overflow can be triggered, resulting in denial of service or execution of arbitrary instructions. XMLSoft Libxml2 < 2.7.0 RedHat ------ RedHat has released a security advisory (RHSA-2008:0886-01) and corresponding patches for this issue: RHSA-2008:0886-01: Important: libxml2 security update Link: https://www.redhat.com/support/errata/RHSA-2008-0886.html id SSV:4076 last seen 2017-11-19 modified 2008-09-22 published 2008-09-22 reporter Root title libxml XML entity name heap overflow vulnerability
bulletinFamily exploit description BUGTRAQ ID: 31126 CVE ID:CVE-2008-3529 CNCVE ID:CNCVE-20083529 The libxml package provides a library that allows users to manipulate XML files, including support for reading, modifying, and writing XML and HTML files. libxml has a problem when processing malformed XML content; a remote attacker can exploit the vulnerability to carry out a denial-of-service attack against an application. A heap-based buffer overflow exists when libxml2 processes overly long XML entity names. If an application linked against libxml2 processes untrusted malformed XML content, this can cause the application to crash or lead to arbitrary code execution. XMLSoft Libxml2 2.6.31 XMLSoft Libxml2 2.6.30 XMLSoft Libxml2 2.6.26 XMLSoft Libxml2 2.6.16 XMLSoft Libxml2 2.6.15 XMLSoft Libxml2 2.6.14 + OpenPKG OpenPKG Current XMLSoft Libxml2 2.6.13 XMLSoft Libxml2 2.6.12 XMLSoft Libxml2 2.6.11 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 XMLSoft Libxml2 2.6.9 + Conectiva Linux 10.0 + Conectiva Linux 9.0 XMLSoft Libxml2 2.6.8 + RedHat Fedora Core2 XMLSoft Libxml2 2.6.7 XMLSoft Libxml2 2.6.6 XMLSoft Libxml2 2.6.5 XMLSoft Libxml2 2.6.4 XMLSoft Libxml2 2.6.3 XMLSoft Libxml2 2.6.2 XMLSoft Libxml2 2.6.1 XMLSoft Libxml2 2.6.0 XMLSoft Libxml2 2.5.11 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 XMLSoft Libxml2 2.5.10 + Trustix Secure Linux 2.0 XMLSoft Libxml2 2.5.8 XMLSoft Libxml2 2.5.4 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 XMLSoft Libxml2 2.5.1 + Conectiva Linux 9.0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 See the following patches: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm i386: libxml2-2.4.19-11.ent.i386.rpm libxml2-devel-2.4.19-11.ent.i386.rpm libxml2-python-2.4.19-11.ent.i386.rpm ia64: libxml2-2.4.19-11.ent.ia64.rpm libxml2-devel-2.4.19-11.ent.ia64.rpm libxml2-python-2.4.19-11.ent.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm ia64: libxml2-2.4.19-11.ent.ia64.rpm libxml2-devel-2.4.19-11.ent.ia64.rpm libxml2-python-2.4.19-11.ent.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm i386: libxml2-2.4.19-11.ent.i386.rpm libxml2-devel-2.4.19-11.ent.i386.rpm libxml2-python-2.4.19-11.ent.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm i386: libxml2-2.4.19-11.ent.i386.rpm libxml2-devel-2.4.19-11.ent.i386.rpm libxml2-python-2.4.19-11.ent.i386.rpm id SSV:4049 last seen 2017-11-19 modified 2008-09-14 published 2008-09-14 reporter Root title libxml XML entity name heap buffer overflow vulnerability
bulletinFamily exploit description No description provided by source. id SSV:11422 last seen 2017-11-19 modified 2009-05-27 published 2009-05-27 reporter Root source https://www.seebug.org/vuldb/ssvid-11422 title Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
References
- http://xmlsoft.org/news.html
- https://bugzilla.redhat.com/show_bug.cgi?id=461015
- http://www.redhat.com/support/errata/RHSA-2008-0884.html
- http://www.redhat.com/support/errata/RHSA-2008-0886.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
- http://securitytracker.com/id?1020855
- http://secunia.com/advisories/31855
- http://www.securityfocus.com/bid/31126
- http://secunia.com/advisories/31860
- http://secunia.com/advisories/31868
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
- http://www.debian.org/security/2008/dsa-1654
- http://secunia.com/advisories/32280
- http://secunia.com/advisories/32807
- http://wiki.rpath.com/Advisories:rPSA-2008-0325
- http://security.gentoo.org/glsa/glsa-200812-06.xml
- http://secunia.com/advisories/32974
- http://secunia.com/advisories/33715
- http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
- http://secunia.com/advisories/33722
- http://secunia.com/advisories/31982
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
- http://secunia.com/advisories/32265
- http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
- http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
- http://support.apple.com/kb/HT3549
- http://www.vupen.com/english/advisories/2009/1298
- http://secunia.com/advisories/35056
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/31558
- http://support.apple.com/kb/HT3550
- http://www.vupen.com/english/advisories/2009/1297
- http://support.apple.com/kb/HT3613
- http://secunia.com/advisories/35379
- http://www.vupen.com/english/advisories/2009/1522
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://support.apple.com/kb/HT3639
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://www.vupen.com/english/advisories/2009/1621
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
- http://secunia.com/advisories/36235
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
- http://secunia.com/advisories/36173
- http://www.ubuntu.com/usn/USN-815-1
- http://www.vupen.com/english/advisories/2008/2822
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
- https://www.exploit-db.com/exploits/8798
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
- https://usn.ubuntu.com/644-1/