CVE-2008-4409 - Resource Management Errors vulnerability in Xmlsoft Libxml2 2.7.0/2.7.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
Patch Information - http://www.securityfocus.com/bid/30783/solution
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | libxml2 Denial of Service Vulnerability. CVE-2008-4409. DoS exploit for unix platform |
id | EDB-ID:32454 |
last seen | 2016-02-03 |
modified | 2008-10-02 |
published | 2008-10-02 |
reporter | Christian Weiske |
source | https://www.exploit-db.com/download/32454/ |
title | libxml2 - Denial of Service Vulnerability |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-212.NASL |
description | libxml2 version 2.7.0 and 2.7.1 did not properly handle predefined entities definitions in entities, which allowed context-dependent attackers to cause a denial of service (memory consumption and application crash) via certain XML documents (CVE-2008-4409). The updated packages have been patched to prevent this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36844 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36844 |
title | Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:212) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:212.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(36844);
  script_version ("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:50");

  script_cve_id("CVE-2008-4409");
  script_xref(name:"MDVSA", value:"2008:212");

  script_name(english:"Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:212)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "libxml2 version 2.7.0 and 2.7.1 did not properly handle predefined entities definitions in entities, which allowed context-dependent attackers to cause a denial of service (memory consumption and application crash) via certain XML documents (CVE-2008-4409). The updated packages have been patched to prevent this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2_2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2_2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;

if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64xml2-devel-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64xml2_2-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libxml2-devel-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"libxml2-python-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"libxml2-utils-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libxml2_2-2.7.1-1.1mdv2009.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Windows |
NASL id | SAFARI_4.0.NASL |
description | The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39339 |
published | 2009-06-09 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39339 |
title | Safari < 4.0 Multiple Vulnerabilities |
code |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(39339);
  script_version("1.30");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id("CVE-2006-2783", "CVE-2008-1588", "CVE-2008-2320", "CVE-2008-2321",
                "CVE-2008-3281", "CVE-2008-3529", "CVE-2008-3632", "CVE-2008-4225",
                "CVE-2008-4226", "CVE-2008-4231", "CVE-2008-4409", "CVE-2009-0040",
                "CVE-2009-0145", "CVE-2009-0153", "CVE-2009-0946", "CVE-2009-1179",
                "CVE-2009-1681", "CVE-2009-1682", "CVE-2009-1684", "CVE-2009-1685",
                "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689",
                "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1693", "CVE-2009-1694",
                "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698",
                "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702",
                "CVE-2009-1703", "CVE-2009-1704", "CVE-2009-1705", "CVE-2009-1706",
                "CVE-2009-1707", "CVE-2009-1708", "CVE-2009-1709", "CVE-2009-1710",
                "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714",
                "CVE-2009-1715", "CVE-2009-1716", "CVE-2009-1718", "CVE-2009-2027",
                "CVE-2009-2420", "CVE-2009-2421");
  script_bugtraq_id(30487, 31092, 32326, 33276, 35260, 35270, 35271, 35272, 35283,
                    35284, 35308, 35309, 35310, 35311, 35315, 35317, 35318, 35319,
                    35320, 35321, 35322, 35325, 35327, 35328, 35330, 35331, 35332,
                    35333, 35334, 35339, 35340, 35344, 35346, 35347, 35348, 35349,
                    35350, 35351, 35352, 35353, 35481, 35482);

  script_name(english:"Safari < 4.0 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by several vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3613");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/17079");
  script_set_attribute(attribute:"solution", value:"Upgrade to Safari 4.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 94, 119, 189, 200, 255, 264, 310, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}

include("global_settings.inc");

path = get_kb_item("SMB/Safari/Path");
version = get_kb_item("SMB/Safari/FileVersion");
if (isnull(version)) exit(0);

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 4 ||
  (
    ver[0] == 4 &&
    (
      ver[1] < 530 ||
      (ver[1] == 530 && ver[2] < 17)
    )
  )
)
{
  if (report_verbosity > 0)
  {
    if (isnull(path)) path = "n/a";

    prod_version = get_kb_item("SMB/Safari/ProductVersion");
    if (!isnull(prod_version)) version = prod_version;

    report = string(
      "\n",
      "Nessus collected the following information about the current install\n",
      "of Safari on the remote host :\n",
      "\n",
      " Version : ", version, "\n",
      " Path : ", path, "\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
```

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200812-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200812-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to a memory corruption (CVE-2008-4226). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the execution of arbitrary code or a high CPU and memory consumption. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35023 |
published | 2008-12-03 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35023 |
title | GLSA-200812-06 : libxml2: Multiple vulnerabilities |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-8575.NASL |
description | This is an urgent security fix for a bug newly introduced in libxml2-2.7.x leading to CPU and memory exhaustion. See upstream bug report for further details: https://bugzilla.gnome.org/show_bug.cgi?id=554660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34341 |
published | 2008-10-06 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34341 |
title | Fedora 9 : libxml2-2.7.1-2.fc9 (2008-8575) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-8582.NASL |
description | This is an urgent security fix for a bug newly introduced in libxml2-2.7.x leading to CPU and memory exhaustion. See upstream bug report for further details: https://bugzilla.gnome.org/show_bug.cgi?id=554660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34342 |
published | 2008-10-06 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34342 |
title | Fedora 8 : libxml2-2.7.1-2.fc8 (2008-8582) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SAFARI4_0.NASL |
description | The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39338 |
published | 2009-06-09 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39338 |
title | Mac OS X : Apple Safari < 4.0 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 31555 CVE(CAN) ID: CVE-2008-4409 The libxml2 package provides a library of functions that let users manipulate XML files, including support for reading, modifying and writing XML and HTML files. libxml2 does not correctly handle predefined entity definitions within entities; if a user is tricked into opening a malicious XML file, all memory may be exhausted and the application will crash. XMLSoft Libxml2 2.7.1 XMLSoft Libxml2 2.7.0 Gentoo ------ Gentoo has released a security advisory (GLSA-200812-06) and a corresponding patch for this issue: GLSA-200812-06: libxml2: Multiple vulnerabilities Link: http://security.gentoo.org/glsa/glsa-200812-06.xml All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1" |
id | SSV:4524 |
last seen | 2017-11-19 |
modified | 2008-12-05 |
published | 2008-12-05 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4524 |
title | Libxml2 Predefined Entity Denial of Service Vulnerability |
Statements
contributor | Tomas Hoger |
lastmodified | 2017-08-07 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://bugzilla.gnome.org/show_bug.cgi?id=554660
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://openwall.com/lists/oss-security/2008/10/02/4
- http://secunia.com/advisories/32130
- http://secunia.com/advisories/32175
- http://secunia.com/advisories/32974
- http://secunia.com/advisories/35379
- http://security.gentoo.org/glsa/glsa-200812-06.xml
- http://support.apple.com/kb/HT3613
- http://support.apple.com/kb/HT3639
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:212
- http://www.securityfocus.com/bid/31555
- http://www.vupen.com/english/advisories/2009/1522
- http://www.vupen.com/english/advisories/2009/1621
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45633
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html