Vulnerabilities > CVE-2008-4225 - Numeric Errors vulnerability in Xmlsoft Libxml 2.7.2
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Summary
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks
NASL id SOLARIS10_X86_126357-06.NASL
description Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11
last seen 2020-06-01
modified 2020-06-02
plugin id 107950
published 2018-03-12
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/107950
title Solaris 10 (x86) : 126357-06
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
# Credentialed ("local") patch-level check for Solaris 10 on x86. It reads the
# host's stored `showrev` output from the knowledge base and raises a finding
# when any of the sixteen SUNWam* package checks for patch 126357-06 returns a
# negative value. Nothing in this script inspects libxml2 itself:
# CVE-2008-4225 is one of thirteen CVE ids the plugin is registered against.
include("compat.inc");

# Registration pass: when `description` is set, the script only declares its
# metadata and exits before any of the checks further down run.
if (description)
{
  script_id(107950);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:27");

  script_cve_id("CVE-2008-2945", "CVE-2008-3529", "CVE-2008-4225", "CVE-2008-4226", "CVE-2009-0169", "CVE-2009-0170", "CVE-2009-0348", "CVE-2009-2268", "CVE-2009-2712", "CVE-2009-2713", "CVE-2011-0844", "CVE-2011-0847", "CVE-2011-3506");

  script_name(english:"Solaris 10 (x86) : 126357-06");
  script_summary(english:"Check for patch 126357-06");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 126357-06"
  );
  # The description string below is kept split across two lines exactly as it
  # appears on this page.
  script_set_attribute(
    attribute:"description",
    value: "Sun Java System Access Manager 7.1 Solaris_x86. 
Date this patch was last updated by Sun : Apr/23/11"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/126357-06"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 126357-06");
  # NOTE(review): this base vector (C:C/I:C/A:C) is set once for the whole
  # plugin, which lists thirteen CVE ids. It is not the score of CVE-2008-4225
  # alone, for which this page lists confidentiality and integrity impact NONE
  # and availability impact COMPLETE. Triage on the per-CVE metrics rather
  # than on the plugin-wide severity.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # The exploitability attributes are likewise plugin-wide; the script does not
  # say which of the listed CVEs they refer to.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # CWE ids for the whole bundle; 189 (Numeric Errors) is the class named in
  # this page's title for CVE-2008-4225.
  script_cwe_id(20, 79, 119, 189, 200, 255, 264, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:126357");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  # The plugin needs both KB keys listed below, so a scan without local checks
  # yields no finding from it. Presumably ssh_get_info.nasl is what populates
  # them -- confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Gate 1: stored showrev output must exist.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# Gate 2: the release must be exactly "5.10".
# NOTE(review): the "." in the pattern is unescaped and matches any character;
# the exact string comparison with "5.10" below is what pins the release.
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

# Gate 3: the application architecture reported by showrev must be i386.
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);

# Gate 4: local checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# One check per package, each against the same patch id and a package-specific
# version string. A negative return bumps `flag`; presumably that means the
# package is installed without the patch -- verify against solaris.inc.
# NOTE(review): `flag` is never assigned in the visible script before the first
# `flag++`; this presumably relies on an unset NASL variable counting from
# zero. Confirm that no include defines `flag`.
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamclnt", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamcon", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamconsdk", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamdistauth", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamext", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamfcd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWampwd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamrsa", version:"7.1,REV=06.06.28.17.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsam", version:"7.1,REV=06.11.20.12.26") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsci", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdk", version:"7.1,REV=07.01.18.06.04") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdkconfig", version:"7.1,REV=06.12.15.12.35") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsfodb", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvc", version:"7.1,REV=06.12.19.15.12") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvcconfig", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamutl", version:"7.1,REV=07.01.18.05.38") < 0) flag++;

# Any negative check produces a single SECURITY_HOLE report on port 0 whose
# detail text comes from solaris_get_report().
if (flag) {
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : solaris_get_report()
  );
}
else {
  # No finding: pick the most specific audit outcome. Each audit() call
  # presumably ends the script, so the three are tried in order -- confirm in
  # audit.inc.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWamclnt / SUNWamcon / SUNWamconsdk / SUNWamdistauth / SUNWamext / etc");
}
NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-5799.NASL description libxml2 could run into an endless loop when processing specially crafted XML files (CVE-2008-4225) last seen 2020-06-01 modified 2020-06-02 plugin id 34983 published 2008-12-01 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34983 title openSUSE 10 Security Update : libxml2 (libxml2-5799) NASL family Solaris Local Security Checks NASL id SOLARIS7_123919.NASL description Sun Management Center 3.6.1: Patch for Solaris 7. Date this patch was last updated by Sun : Dec/01/09 last seen 2020-06-01 modified 2020-06-02 plugin id 23690 published 2006-11-20 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23690 title Solaris 7 (sparc) : 123919-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_120954.NASL description AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120954 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 36756 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=36756 title Solaris 10 (sparc) : 120954-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_126357.NASL description Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30014 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30014 title Solaris 5.9 (x86) : 126357-03 NASL family Fedora Local Security Checks NASL id FEDORA_2008-10000.NASL description This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. 
There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. Update Information: Fixes a couple of security issues when overflowing text data size of buffer size. last seen 2016-09-26 modified 2012-10-01 plugin id 37490 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=37490 title Fedora 10 2008-10000 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120955-12.NASL description AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107871 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107871 title Solaris 10 (x86) : 120955-12 NASL family Solaris Local Security Checks NASL id SOLARIS9_120954.NASL description AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 last seen 2020-06-01 modified 2020-06-02 plugin id 37533 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37533 title Solaris 9 (sparc) : 120954-12 NASL family Solaris Local Security Checks NASL id SOLARIS9_127681.NASL description Sun Management Center 4.0: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 67167 published 2013-07-03 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/67167 title Solaris 9 (sparc) : 127681-07 NASL family Solaris Local Security Checks NASL id SOLARIS10_123923.NASL description Sun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123923 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 37632 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=37632 title Solaris 10 (sparc) : 123923-12 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-5802.NASL description libxml2 could run into an endless loop when processing specially crafted XML files. (CVE-2008-4225) last seen 2020-06-01 modified 2020-06-02 plugin id 35320 published 2009-01-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35320 title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5802) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9729.NASL description Fixes a couple of security issues when overflowing text data size of buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34830 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34830 title Fedora 8 : libxml2-2.7.2-2.fc8 (2008-9729) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_127682.NASL description Sun Management Center 4.0: Patch for Solaris 9_x86. 
Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 67170 published 2013-07-03 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67170 title Solaris 9 (x86) : 127682-07 NASL family Windows NASL id SAFARI_4.0.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39339 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39339 title Safari < 4.0 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0988.NASL description Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. 
Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34811 published 2008-11-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34811 title RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0988) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0001.NASL description a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. 
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40387 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40387 title VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200812-06.NASL description The remote host is affected by the vulnerability described in GLSA-200812-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the execution of arbitrary code or a high CPU and memory consumption. Workaround : There is no known workaround at this time.
last seen 2020-06-01 modified 2020-06-02 plugin id 35023 published 2008-12-03 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35023 title GLSA-200812-06 : libxml2: Multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0988.NASL description Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37692 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37692 title CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988) NASL family Solaris Local Security Checks NASL id SOLARIS10_120954-12.NASL description AM 7.0: Sun Java System Access Manager 2005Q4. 
Date this patch was last updated by Sun : Nov/03/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107369 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107369 title Solaris 10 (sparc) : 120954-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_126356-06.NASL description Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Apr/23/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107450 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107450 title Solaris 10 (sparc) : 126356-06 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_126356.NASL description Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 44085 published 2010-01-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=44085 title Solaris 5.9 (x86) : 126356-03 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-673-1.NASL description Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. (CVE-2008-4225) Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. (CVE-2008-4226). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36916 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36916 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libxml2 vulnerabilities (USN-673-1) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_123922.NASL description Sun Management Center 3.6.1_x86: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 67169 published 2013-07-03 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67169 title Solaris 9 (x86) : 123922-11 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1666.NASL description Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4225 Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. - CVE-2008-4226 Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 34810 published 2008-11-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34810 title Debian DSA-1666-1 : libxml2 - several vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_126356.NASL description Sun Java System Access Manager 7.1 Solaris. 
Date this patch was last updated by Sun : Jun/19/09 last seen 2018-09-01 modified 2018-08-22 plugin id 30007 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30007 title Solaris 5.10 (sparc) : 126356-03 NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBXML2-081107.NASL description libxml2 could run into an endless loop when processing specially crafted XML files (CVE-2008-4225) last seen 2020-06-01 modified 2020-06-02 plugin id 40057 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40057 title openSUSE Security Update : libxml2 (libxml2-314) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2009-0018.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933 last seen 2020-06-01 modified 2020-06-02 plugin id 79462 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/79462 title OracleVM 2.1 : libxml2 (OVMSA-2009-0018) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119467.NASL description IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 This plugin has been deprecated and either replaced with individual 119467 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25389 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25389 title Solaris 10 (x86) : 119467-17 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_127680.NASL description Sun Management Center 4.0: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 67163 published 2013-07-03 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67163 title Solaris 8 (sparc) : 127680-07 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120955.NASL description AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 last seen 2020-06-01 modified 2020-06-02 plugin id 38005 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38005 title Solaris 9 (x86) : 120955-12 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0988.NASL description From Red Hat Security Advisory 2008:0988 : Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. 
An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67769 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67769 title Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2008-324-01.NASL description New libxml2 packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues including a denial of service or the possible execution of arbitrary code if untrusted XML is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 34822 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34822 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : libxml2 (SSA:2008-324-01) NASL family Solaris Local Security Checks NASL id SOLARIS8_120954.NASL description AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 last seen 2020-06-01 modified 2020-06-02 plugin id 37271 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/37271 title Solaris 8 (sparc) : 120954-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_126357.NASL description Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09 last seen 2018-09-01 modified 2018-08-22 plugin id 30010 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30010 title Solaris 5.10 (x86) : 126357-03 NASL family Solaris Local Security Checks NASL id SOLARIS8_126356.NASL description Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30011 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30011 title Solaris 5.8 (sparc) : 126356-03 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-231.NASL description Drew Yao of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2 last seen 2020-06-01 modified 2020-06-02 plugin id 36883 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36883 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:231) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F1E0164EB67B11DDA55E00163E000016.NASL description Secunia reports : Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) An integer overflow error in the last seen 2020-06-01 modified 2020-06-02 plugin id 34840 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/34840 title FreeBSD : libxml2 -- multiple vulnerabilities (f1e0164e-b67b-11dd-a55e-00163e000016) NASL family SuSE Local Security Checks NASL id SUSE9_12301.NASL description libxml2 could run into an endless loop when processing specially crafted XML files. (CVE-2008-4225) last seen 2020-06-01 modified 2020-06-02 plugin id 41257 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41257 title SuSE9 Security Update : libxml2 (YOU Patch Number 12301) NASL family Scientific Linux Local Security Checks NASL id SL_20081117_LIBXML2_ON_SL3_X.NASL description An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) last seen 2020-06-01 modified 2020-06-02 plugin id 60496 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60496 title Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_123924-11.NASL description Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 107898 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/107898 title Solaris 10 (x86) : 123924-11 NASL family Solaris Local Security Checks NASL id SOLARIS9_123921.NASL description Sun Management Center 3.6.1: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 36354 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36354 title Solaris 9 (sparc) : 123921-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_123924.NASL description Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123924 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 67153 published 2013-07-03 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=67153 title Solaris 10 (x86) : 123924-11 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS9_126356.NASL description Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30013 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30013 title Solaris 5.9 (sparc) : 126356-03 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120955.NASL description AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120955 patch-revision plugins, or deemed non-security related. 
last seen 2019-02-21 modified 2018-07-30 plugin id 38126 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=38126 title Solaris 10 (x86) : 120955-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_119467.NASL description IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 last seen 2020-06-01 modified 2020-06-02 plugin id 23612 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23612 title Solaris 9 (x86) : 119467-17 NASL family Fedora Local Security Checks NASL id FEDORA_2008-10038.NASL description Fixes a couple of security issues when overflowing text data size or buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62272 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62272 title Fedora 10 : libxml2-2.7.2-2.fc10 (2008-10038) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_126357.NASL description Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09 last seen 2016-09-26 modified 2011-09-18 plugin id 30012 published 2008-01-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30012 title Solaris 5.8 (x86) : 126357-03 NASL family Solaris Local Security Checks NASL id SOLARIS10_123923-12.NASL description Sun Management Center 3.6.1: Patch for Solaris 10.
Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 107395 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107395 title Solaris 10 (sparc) : 123923-12 NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39338 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39338 title Mac OS X : Apple Safari < 4.0 NASL family Solaris Local Security Checks NASL id SOLARIS8_123920.NASL description Sun Management Center 3.6.1: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09 last seen 2020-06-01 modified 2020-06-02 plugin id 37363 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37363 title Solaris 8 (sparc) : 123920-12 NASL family Fedora Local Security Checks NASL id FEDORA_2008-9773.NASL description Fixes a couple of security issues when overflowing text data size or buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34834 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34834 title Fedora 9 : libxml2-2.7.2-2.fc9 (2008-9773)
Oval
accepted 2013-04-29T04:00:34.886-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. family unix id oval:org.mitre.oval:def:10025 status accepted submitted 2010-07-09T03:56:16-04:00 title Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. version 27 accepted 2009-03-23T04:00:21.781-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard definition_extensions comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. family unix id oval:org.mitre.oval:def:6234 status accepted submitted 2009-02-13T15:56:00.000-05:00 title Security Vulnerabilities in the libxml2 Library Routines xmlBufferResize() May Lead to Denial of Service (DoS) version 35 accepted 2010-05-17T04:00:16.481-04:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard name Michael Wood organization Hewlett-Packard name J. Daniel Brown organization DTCC
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMWare ESX Server 3.0.2 is installed oval oval:org.mitre.oval:def:5613 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887
description Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. family unix id oval:org.mitre.oval:def:6415 status accepted submitted 2009-09-23T15:39:02.000-04:00 title Libxml2 Integer Overflow in xmlBufferResize() Lets Remote Users Deny Service version 5
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://secunia.com/advisories/32762
- http://secunia.com/advisories/32764
- http://secunia.com/advisories/32766
- http://secunia.com/advisories/32773
- http://secunia.com/advisories/32802
- http://secunia.com/advisories/32807
- http://secunia.com/advisories/32811
- http://secunia.com/advisories/32974
- http://secunia.com/advisories/33417
- http://secunia.com/advisories/33746
- http://secunia.com/advisories/33792
- http://secunia.com/advisories/34247
- http://secunia.com/advisories/35379
- http://secunia.com/advisories/36173
- http://secunia.com/advisories/36235
- http://security.gentoo.org/glsa/glsa-200812-06.xml
- http://securitytracker.com/id?1021239
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
- http://support.apple.com/kb/HT3613
- http://support.apple.com/kb/HT3639
- http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm
- http://wiki.rpath.com/Advisories:rPSA-2008-0325
- http://www.debian.org/security/2008/dsa-1666
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:231
- http://www.osvdb.org/49992
- http://www.redhat.com/support/errata/RHSA-2008-0988.html
- http://www.securityfocus.com/bid/32331
- http://www.ubuntu.com/usn/usn-673-1
- http://www.vmware.com/security/advisories/VMSA-2009-0001.html
- http://www.vupen.com/english/advisories/2008/3176
- http://www.vupen.com/english/advisories/2009/0034
- http://www.vupen.com/english/advisories/2009/0301
- http://www.vupen.com/english/advisories/2009/0323
- http://www.vupen.com/english/advisories/2009/1522
- http://www.vupen.com/english/advisories/2009/1621
- https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10
- https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9
- https://bugzilla.redhat.com/show_bug.cgi?id=470480
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6234
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6415
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html