Vulnerabilities > CVE-2008-4226 - Resource Management Errors vulnerability in Xmlsoft Libxml 2.7.2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

xmlsoft

CWE-399

critical

nessus

NVD

Published: 2008-11-25

Updated: 2017-09-29

Summary

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

Vulnerable Configurations

Part	Description	Count
Application	Xmlsoft Xmlsoft Libxml 2.7.2	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_126357-06.NASL
description	Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11
last seen	2020-06-01
modified	2020-06-02
plugin id	107950
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107950
title	Solaris 10 (x86) : 126357-06
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107950); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2008-2945", "CVE-2008-3529", "CVE-2008-4225", "CVE-2008-4226", "CVE-2009-0169", "CVE-2009-0170", "CVE-2009-0348", "CVE-2009-2268", "CVE-2009-2712", "CVE-2009-2713", "CVE-2011-0844", "CVE-2011-0847", "CVE-2011-3506"); script_name(english:"Solaris 10 (x86) : 126357-06"); script_summary(english:"Check for patch 126357-06"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 126357-06" ); script_set_attribute( attribute:"description", value: "Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/126357-06" ); script_set_attribute(attribute:"solution", value:"Install patch 126357-06"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 79, 119, 189, 200, 255, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:126357"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamclnt", version:"7.1,REV=06.11.22.00.23") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamcon", version:"7.1,REV=06.11.22.00.22") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamconsdk", version:"7.1,REV=06.11.22.00.22") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamdistauth", version:"7.1,REV=06.11.22.00.23") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamext", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamfcd", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWampwd", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamrsa", version:"7.1,REV=06.06.28.17.03") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsam", version:"7.1,REV=06.11.20.12.26") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsci", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdk", version:"7.1,REV=07.01.18.06.04") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdkconfig", version:"7.1,REV=06.12.15.12.35") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsfodb", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvc", version:"7.1,REV=06.12.19.15.12") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvcconfig", version:"7.1,REV=06.11.20.12.28") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamutl", version:"7.1,REV=07.01.18.05.38") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWamclnt / SUNWamcon / SUNWamconsdk / SUNWamdistauth / SUNWamext / etc"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS7_123919.NASL
description	Sun Management Center 3.6.1: Patch for Solaris 7. Date this patch was last updated by Sun : Dec/01/09
last seen	2020-06-01
modified	2020-06-02
plugin id	23690
published	2006-11-20
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/23690
title	Solaris 7 (sparc) : 123919-12

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBXML2-5755.NASL
description	This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
last seen	2020-06-01
modified	2020-06-02
plugin id	41555
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41555
title	SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5755)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_120954.NASL
description	AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120954 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	36756
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=36756
title	Solaris 10 (sparc) : 120954-12 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_126357.NASL
description	Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
last seen	2016-09-26
modified	2011-09-18
plugin id	30014
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30014
title	Solaris 5.9 (x86) : 126357-03

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-10000.NASL
description	This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. Update Information: Fixes a couple of security issues when overflowing text data size of buffer size.
last seen	2016-09-26
modified	2012-10-01
plugin id	37490
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=37490
title	Fedora 10 2008-10000

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_120955-12.NASL
description	AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
last seen	2020-06-01
modified	2020-06-02
plugin id	107871
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107871
title	Solaris 10 (x86) : 120955-12

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_120954.NASL
description	AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
last seen	2020-06-01
modified	2020-06-02
plugin id	37533
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37533
title	Solaris 9 (sparc) : 120954-12

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_127681.NASL
description	Sun Management Center 4.0: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	67167
published	2013-07-03
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67167
title	Solaris 9 (sparc) : 127681-07

NASL family	Web Servers
NASL id	HPSMH_6_0_0_95.NASL
description	According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.0.0.96 / 6.0.0-95. Such versions are potentially affected by the following vulnerabilities : - A cross-site scripting (XSS) vulnerability due to a failure to sanitize UTF-7 encoded input. Browsers are only affected if encoding is set to auto-select. (CVE-2008-1468) - An integer overflow in the libxml2 library that can result in a heap overflow. (CVE-2008-4226) - A buffer overflow in the PHP mbstring extension. (CVE-2008-5557) - An unspecified XSS in PHP when
last seen	2020-06-01
modified	2020-06-02
plugin id	46015
published	2010-04-27
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/46015
title	HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_123923.NASL
description	Sun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123923 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	37632
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=37632
title	Solaris 10 (sparc) : 123923-12 (deprecated)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12286.NASL
description	This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
last seen	2020-06-01
modified	2020-06-02
plugin id	41253
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41253
title	SuSE9 Security Update : libxml2 (YOU Patch Number 12286)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-9729.NASL
description	Fixes a couple of security issues when overflowing text data size of buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	34830
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34830
title	Fedora 8 : libxml2-2.7.2-2.fc8 (2008-9729)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_127682.NASL
description	Sun Management Center 4.0: Patch for Solaris 9_x86. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	67170
published	2013-07-03
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67170
title	Solaris 9 (x86) : 127682-07

NASL family	Windows
NASL id	SAFARI_4.0.NASL
description	The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	39339
published	2009-06-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39339
title	Safari < 4.0 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0988.NASL
description	Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	34811
published	2008-11-18
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34811
title	RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0988)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2009-0001.NASL
description	a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	40387
published	2009-07-27
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40387
title	VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200812-06.NASL
description	The remote host is affected by the vulnerability described in GLSA-200812-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the exeution of arbitrary code or a high CPU and memory consumption. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	35023
published	2008-12-03
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35023
title	GLSA-200812-06 : libxml2: Multiple vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0988.NASL
description	Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	37692
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/37692
title	CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_120954-12.NASL
description	AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
last seen	2020-06-01
modified	2020-06-02
plugin id	107369
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107369
title	Solaris 10 (sparc) : 120954-12

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_126356-06.NASL
description	Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Apr/23/11
last seen	2020-06-01
modified	2020-06-02
plugin id	107450
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107450
title	Solaris 10 (sparc) : 126356-06

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_126356.NASL
description	Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
last seen	2016-09-26
modified	2011-09-18
plugin id	44085
published	2010-01-20
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=44085
title	Solaris 5.9 (x86) : 126356-03

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-673-1.NASL
description	Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. (CVE-2008-4225) Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. (CVE-2008-4226). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	36916
published	2009-04-23
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/36916
title	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libxml2 vulnerabilities (USN-673-1)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_123922.NASL
description	Sun Management Center 3.6.1_x86: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	67169
published	2013-07-03
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67169
title	Solaris 9 (x86) : 123922-11

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1666.NASL
description	Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4225 Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. - CVE-2008-4226 Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	34810
published	2008-11-18
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34810
title	Debian DSA-1666-1 : libxml2 - several vulnerabilities

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_126356.NASL
description	Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
last seen	2018-09-01
modified	2018-08-22
plugin id	30007
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30007
title	Solaris 5.10 (sparc) : 126356-03

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBXML2-5754.NASL
description	This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
last seen	2020-06-01
modified	2020-06-02
plugin id	34846
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34846
title	openSUSE 10 Security Update : libxml2 (libxml2-5754)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2009-0018.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933
last seen	2020-06-01
modified	2020-06-02
plugin id	79462
published	2014-11-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79462
title	OracleVM 2.1 : libxml2 (OVMSA-2009-0018)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119467.NASL
description	IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 This plugin has been deprecated and either replaced with individual 119467 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	25389
published	2007-06-04
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=25389
title	Solaris 10 (x86) : 119467-17 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_127680.NASL
description	Sun Management Center 4.0: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	67163
published	2013-07-03
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67163
title	Solaris 8 (sparc) : 127680-07

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_120955.NASL
description	AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
last seen	2020-06-01
modified	2020-06-02
plugin id	38005
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/38005
title	Solaris 9 (x86) : 120955-12

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0988.NASL
description	From Red Hat Security Advisory 2008:0988 : Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67769
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67769
title	Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2008-324-01.NASL
description	New libxml2 packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues including a denial or service or the possible execution of arbitrary code if untrusted XML is processed.
last seen	2020-06-01
modified	2020-06-02
plugin id	34822
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34822
title	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : libxml2 (SSA:2008-324-01)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_120954.NASL
description	AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
last seen	2020-06-01
modified	2020-06-02
plugin id	37271
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37271
title	Solaris 8 (sparc) : 120954-12

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_126357.NASL
description	Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
last seen	2018-09-01
modified	2018-08-22
plugin id	30010
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30010
title	Solaris 5.10 (x86) : 126357-03

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_126356.NASL
description	Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
last seen	2016-09-26
modified	2011-09-18
plugin id	30011
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30011
title	Solaris 5.8 (sparc) : 126356-03

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-231.NASL
description	Drew Yao of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2
last seen	2020-06-01
modified	2020-06-02
plugin id	36883
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36883
title	Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:231)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_F1E0164EB67B11DDA55E00163E000016.NASL
description	Secunia reports : Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) An integer overflow error in the
last seen	2020-06-01
modified	2020-06-02
plugin id	34840
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/34840
title	FreeBSD : libxml2 -- multiple vulnerabilities (f1e0164e-b67b-11dd-a55e-00163e000016)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20081117_LIBXML2_ON_SL3_X.NASL
description	An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225)
last seen	2020-06-01
modified	2020-06-02
plugin id	60496
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60496
title	Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_123924-11.NASL
description	Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	107898
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107898
title	Solaris 10 (x86) : 123924-11

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_123921.NASL
description	Sun Management Center 3.6.1: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	36354
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36354
title	Solaris 9 (sparc) : 123921-12

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_123924.NASL
description	Sun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123924 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	67153
published	2013-07-03
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=67153
title	Solaris 10 (x86) : 123924-11 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_126356.NASL
description	Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
last seen	2016-09-26
modified	2011-09-18
plugin id	30013
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30013
title	Solaris 5.9 (sparc) : 126356-03

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_120955.NASL
description	AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120955 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	38126
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=38126
title	Solaris 10 (x86) : 120955-12 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_119467.NASL
description	IS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09
last seen	2020-06-01
modified	2020-06-02
plugin id	23612
published	2006-11-06
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/23612
title	Solaris 9 (x86) : 119467-17

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-10038.NASL
description	Fixes a couple of security issues when overflowing text data size of buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62272
published	2012-09-24
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62272
title	Fedora 10 : libxml2-2.7.2-2.fc10 (2008-10038)

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBXML2-5756.NASL
description	This update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
last seen	2020-06-01
modified	2020-06-02
plugin id	34847
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34847
title	SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5756)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_X86_126357.NASL
description	Sun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
last seen	2016-09-26
modified	2011-09-18
plugin id	30012
published	2008-01-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=30012
title	Solaris 5.8 (x86) : 126357-03

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_123923-12.NASL
description	Sun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	107395
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107395
title	Solaris 10 (sparc) : 123923-12

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SAFARI4_0.NASL
description	The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	39338
published	2009-06-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39338
title	Mac OS X : Apple Safari < 4.0

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_123920.NASL
description	Sun Management Center 3.6.1: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09
last seen	2020-06-01
modified	2020-06-02
plugin id	37363
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37363
title	Solaris 8 (sparc) : 123920-12

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-9773.NASL
description	Fixes a couple of security issues when overflowing text data size of buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	34834
published	2008-11-21
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34834
title	Fedora 9 : libxml2-2.7.2-2.fc9 (2008-9773)

Oval

accepted

2009-03-23T04:00:21.430-04:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:6219

status

accepted

submitted

2009-02-13T15:56:00.000-05:00

title

Security Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS)

version

accepted

2010-05-17T04:00:14.937-04:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Michael Wood
organization Hewlett-Packard
name J. Daniel Brown
organization DTCC

definition_extensions

comment VMWare ESX Server 3.0.3 is installed
oval oval:org.mitre.oval:def:6026
comment VMWare ESX Server 3.0.2 is installed
oval oval:org.mitre.oval:def:5613
comment VMware ESX Server 3.5.0 is installed
oval oval:org.mitre.oval:def:5887

description

family

unix

oval:org.mitre.oval:def:6360

status

accepted

submitted

2009-09-23T15:39:02.000-04:00

title

Libxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code

version

accepted

2013-04-29T04:23:04.825-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9888

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	470480
title	CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment libxml2 is earlier than 0:2.6.16-12.6
oval oval:com.redhat.rhsa:tst:20080988001
comment libxml2 is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080032004
AND
comment libxml2-python is earlier than 0:2.6.16-12.6
oval oval:com.redhat.rhsa:tst:20080988003
comment libxml2-python is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080032006
AND
comment libxml2-devel is earlier than 0:2.6.16-12.6
oval oval:com.redhat.rhsa:tst:20080988005
comment libxml2-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20080032002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment libxml2-python is earlier than 0:2.6.26-2.1.2.7
oval oval:com.redhat.rhsa:tst:20080988008
comment libxml2-python is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080032011
AND
comment libxml2 is earlier than 0:2.6.26-2.1.2.7
oval oval:com.redhat.rhsa:tst:20080988010
comment libxml2 is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080032013
AND
comment libxml2-devel is earlier than 0:2.6.26-2.1.2.7
oval oval:com.redhat.rhsa:tst:20080988012
comment libxml2-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080032009

rhsa

id	RHSA-2008:0988
released	2008-11-17
severity	Important
title	RHSA-2008:0988: libxml2 security update (Important)

rpms

libxml2-0:2.4.19-12.ent
libxml2-0:2.5.10-14
libxml2-0:2.6.16-12.6
libxml2-0:2.6.26-2.1.2.7
libxml2-debuginfo-0:2.5.10-14
libxml2-debuginfo-0:2.6.16-12.6
libxml2-debuginfo-0:2.6.26-2.1.2.7
libxml2-devel-0:2.4.19-12.ent
libxml2-devel-0:2.5.10-14
libxml2-devel-0:2.6.16-12.6
libxml2-devel-0:2.6.26-2.1.2.7
libxml2-python-0:2.4.19-12.ent
libxml2-python-0:2.5.10-14
libxml2-python-0:2.6.16-12.6
libxml2-python-0:2.6.26-2.1.2.7

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 32326 CVE(CAN) ID: CVE-2008-4226 libxml软件包提供允许用户操控XML文件的函数库，包含有读、修改和写XML和HTML文件支持。 libxml2库的xmlSAX2Characters()函数中存在整数溢出漏洞，如果用户受骗使用链接到该库的应用程序打开了超大的XML文件的话，就可以触发这个溢出，导致执行任意指令。 XMLSoft Libxml2 2.7.2 Debian ------ Debian已经为此发布了一个安全公告（DSA-1666-1）以及相应补丁: DSA-1666-1：New libxml2 packages fix several vulnerabilities 链接：<a href=http://www.debian.org/security/2008/dsa-1666 target=_blank>http://www.debian.org/security/2008/dsa-1666</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc</a> Size/MD5 checksum: 893 b6b2006ffadfb999e72974d574814b7c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz</a> Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz</a> Size/MD5 checksum: 147867 d6a3bbbe39bffe96867de82b11c7c5be Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb</a> Size/MD5 checksum: 1328280 c2990030601040775b909c8ace076100 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 881946 38629543e71a18f6007b8d61d0500e36 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 821150 f14ee677bb7eac20cd65adef90af0f3c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 37972 d7757b07f8b0c69f9fd0a07a1598a3e3 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 184750 020e5ca7663ee88695e1502c8e8af77c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 917020 f837c687d428d94559bf68e012bc0e02 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 745790 94edf60cc7d02dd31a70376baf740958 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 892010 a648a6d69a73593739035d78ed3c8436 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 796410 9f38a5028c33f32cf1701535c1c37984 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 36682 4de1bfa28b9361e462075451befbe66c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 184126 1aae3163d718d0c378203b7ea1a53a9b arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 673236 cda6995615db6e74610d8a51607e85e4 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 817602 c5f81e370d055ba14a40a64d3fbb6e9e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 34682 4b01403ce80c2949f31559e0eacc044b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 165284 f84251cc53fa6b67b7fb55f58dd47d5b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 742176 2e9e6cbbc777d49a99d8a6d98c5dc799 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 858220 0f8cf389ab60a7639fac0f6499325995 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 863998 2332655d5ec188cf038cf9fcab862d9f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 850370 6c600a26f96c3a3eea898821b0a63937 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 36852 75d6a8790e01eacb3183e6f295542215 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 192850 f635c62c33d9a2ea17015b08370dfd8f i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 857246 6cebb1b5f8e5e87c00319eb59df9c497 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 169026 31acf12efa0a8f37045f3f0869b894f8 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 681544 f0f383f2ea6ae309bfbcd13f2a2e8efa <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 756128 f776e4a0c28389602bb6b26965fc70ce <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 34496 0cf1427860bb36162af23351285ff091 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 196528 3eaa55301a20961852f3a3c5b64bde8c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 48494 280c616ff34b4aa41a48173828b6e66c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 1106616 e7b32b8f711337ca52a041af581a05b6 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 1080448 a7334ed64dba73272b2001e09d18493f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 874194 1410e29414572197b6f82dd5a8be061f mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 840690 ad2ce083ff5c14656ea3ae28b0fa783d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 770540 d1faeaa723c3de301fb4c8a44ece376a <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 34424 c7c9469462957365ab26e7f06e1f0521 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 171674 5e6f7cbe84d053bd19dda54346330f75 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 926930 c4a3402711ebb05f38b1146eebcd0a71 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 34396 79f5ff849d9a0ed01ab567ec542b7f3e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 898480 c195cceafe5efce1de168475a462be54 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 769244 d0d36bff7e63adf76857166c3ed10daa <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 168696 3667deae6585a788c4da731b4fc9383d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 833258 4b1612f79d4b9d1ce2d7086fbb8edbd0 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 780124 0d2ed3ecc5a1e7a5ce3870fab1bcfc43 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 172736 2011f174234c5e939cebeedc2fd9e707 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 37662 94991d67033b1b921bb72e5d7bf2b844 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 898080 321d90790cf68bc046b9b577e7986438 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 771124 47b6d53839ea42f54ae6ad2b89594a26 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 36368 fbc5505f4471c4c2fe6ad41903c5596f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 885484 ead63bcf342e568c9c338c2772ea4e0d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 750248 ed7465c981212e90fac94dc040ac6bb4 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 185718 414512cb0af24a7c5e3622b75ef9b56f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 806342 0f85b6120fdba835eaf39d02b4a606d9 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 34578 dd02c5498d378ee75330f8f93b2eb3a7 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 781490 ecf288ea66fc19e8f9874b90884a888e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 713214 434a8a91f3a4acbfc3df2a2707acbbe0 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 759786 83ba89269fd32296c48c8498e100372b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 176878 9840698d19580fe86bfc55a2347361e5 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0988-01）以及相应补丁: RHSA-2008:0988-01：Important: libxml2 security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0988.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0988.html</a>
id	SSV:4469
last seen	2017-11-19
modified	2008-11-20
published	2008-11-20
reporter	Root
title	libxml2 xmlSAX2Characters()函数整数溢出漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

Seebug

References