CVE-2009-0585 - Numeric Errors vulnerability in JOE Shaw Libsoup
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12411.NASL |
description | Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41297 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41297 |
title | SuSE9 Security Update : libsoup (YOU Patch Number 12411) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-081.NASL |
description | An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0585). This update provides the fix for that security issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37334 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37334 |
title | Mandriva Linux Security Advisory : libsoup (MDVSA-2009:081) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-737-1.NASL |
description | It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38092 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/38092 |
title | Ubuntu 6.06 LTS / 7.10 : libsoup vulnerability (USN-737-1) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2009-0344.NASL |
description | From Red Hat Security Advisory 2009:0344 : Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67822 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67822 |
title | Oracle Linux 4 / 5 : libsoup (ELSA-2009-0344) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1748.NASL |
description | It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35980 |
published | 2009-03-22 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35980 |
title | Debian DSA-1748-1 : libsoup - integer overflow |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_LIBSOUP-6223.NASL |
description | Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41551 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41551 |
title | SuSE 10 Security Update : libsoup (ZYPP Patch Number 6223) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20090316_LIBSOUP_ON_SL4_X.NASL |
description | An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60547 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60547 |
title | Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2009-0344.NASL |
description | Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35944 |
published | 2009-03-17 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35944 |
title | RHEL 4 / 5 : libsoup (RHSA-2009:0344) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2009-0344.NASL |
description | Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38892 |
published | 2009-05-26 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/38892 |
title | CentOS 4 : libsoup (CESA-2009:0344) |
Oval
accepted | 2013-04-29T04:20:33.613-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. |
family | unix |
id | oval:org.mitre.oval:def:9599 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. |
version | 27 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34100 CVE(CAN) ID: CVE-2008-4316, CVE-2009-0586, CVE-2009-0587, CVE-2009-0585 GLib is the low-level core library underlying the GTK+ and GNOME projects, a lightweight general-purpose C library. The Base64 encoding and decoding functions in the glib library do not allocate memory correctly when handling very long strings; in all cases heap memory is allocated using a length computed from a user-supplied value: g_malloc(user_supplied_length * 3 / 4 + some_small_num) Because of the order in which the arithmetic is evaluated, the length is multiplied by 3 before it is divided by 4, so the computed allocation length can overflow, resulting in an undersized allocation. GNOME glib >= 2.12 stable GNOME glib >= 2.11 unstable Vendor patch: GNOME ----- The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page: http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://ocert.org/patches/2008-015/libsoup-base64-CVE-2009-0585.diff |
id | SSV:4913 |
last seen | 2017-11-19 |
modified | 2009-03-14 |
published | 2009-03-14 |
reporter | Root |
title | GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities |
References
- http://www.securityfocus.com/bid/34100
- http://openwall.com/lists/oss-security/2009/03/12/2
- http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
- http://www.ocert.org/advisories/ocert-2008-015.html
- http://secunia.com/advisories/34310
- http://secunia.com/advisories/34337
- http://www.redhat.com/support/errata/RHSA-2009-0344.html
- http://www.ubuntu.com/usn/USN-737-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm
- http://secunia.com/advisories/34401
- http://www.debian.org/security/2009/dsa-1748
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:081
- http://secunia.com/advisories/35065
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9599
- http://www.securityfocus.com/archive/1/501712/100/0/threaded