CVE-2009-0585 - Numeric Errors vulnerability in JOE Shaw Libsoup

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12411.NASL
    description: Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41297
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41297
    title: SuSE9 Security Update : libsoup (YOU Patch Number 12411)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-081.NASL
    description: An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0585). This update provides the fix for that security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37334
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37334
    title: Mandriva Linux Security Advisory : libsoup (MDVSA-2009:081)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-737-1.NASL
    description: It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38092
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38092
    title: Ubuntu 6.06 LTS / 7.10 : libsoup vulnerability (USN-737-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-0344.NASL
    description: From Red Hat Security Advisory 2009:0344 : Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67822
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67822
    title: Oracle Linux 4 / 5 : libsoup (ELSA-2009-0344)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1748.NASL
    description: It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35980
    published: 2009-03-22
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35980
    title: Debian DSA-1748-1 : libsoup - integer overflow
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBSOUP-6223.NASL
    description: Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41551
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41551
    title: SuSE 10 Security Update : libsoup (ZYPP Patch Number 6223)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090316_LIBSOUP_ON_SL4_X.NASL
    description: An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60547
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60547
    title: Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-0344.NASL
    description: Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35944
    published: 2009-03-17
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35944
    title: RHEL 4 / 5 : libsoup (RHSA-2009:0344)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-0344.NASL
    description: Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38892
    published: 2009-05-26
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38892
    title: CentOS 4 : libsoup (CESA-2009:0344)

Oval

accepted: 2013-04-29T04:20:33.613-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
family: unix
id: oval:org.mitre.oval:def:9599
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
version: 27

Redhat

advisories
bugzilla
id: 488026
title: CVE-2009-0585 libsoup: integer overflow in soup_base64_encode()
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: libsoup is earlier than 0:2.2.1-4.el4.1
          oval: oval:com.redhat.rhsa:tst:20090344001
        • comment: libsoup is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090344002
      • AND
        • comment: libsoup-devel is earlier than 0:2.2.1-4.el4.1
          oval: oval:com.redhat.rhsa:tst:20090344003
        • comment: libsoup-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090344004
      • AND
        • comment: evolution28-libsoup is earlier than 0:2.2.98-5.el4.1
          oval: oval:com.redhat.rhsa:tst:20090344005
        • comment: evolution28-libsoup is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090344006
      • AND
        • comment: evolution28-libsoup-devel is earlier than 0:2.2.98-5.el4.1
          oval: oval:com.redhat.rhsa:tst:20090344007
        • comment: evolution28-libsoup-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20090344008
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: libsoup is earlier than 0:2.2.98-2.el5_3.1
          oval: oval:com.redhat.rhsa:tst:20090344010
        • comment: libsoup is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090344011
      • AND
        • comment: libsoup-devel is earlier than 0:2.2.98-2.el5_3.1
          oval: oval:com.redhat.rhsa:tst:20090344012
        • comment: libsoup-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090344013
rhsa
id: RHSA-2009:0344
released: 2009-03-16
severity: Moderate
title: RHSA-2009:0344: libsoup security update (Moderate)
rpms
  • evolution28-libsoup-0:2.2.98-5.el4.1
  • evolution28-libsoup-debuginfo-0:2.2.98-5.el4.1
  • evolution28-libsoup-devel-0:2.2.98-5.el4.1
  • libsoup-0:2.2.1-4.el4.1
  • libsoup-0:2.2.98-2.el5_3.1
  • libsoup-debuginfo-0:2.2.1-4.el4.1
  • libsoup-debuginfo-0:2.2.98-2.el5_3.1
  • libsoup-devel-0:2.2.1-4.el4.1
  • libsoup-devel-0:2.2.98-2.el5_3.1

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 34100. CVE(CAN) ID: CVE-2008-4316, CVE-2009-0586, CVE-2009-0587, CVE-2009-0585. GLib is the low-level core library underlying the GTK+ and GNOME projects, a general-purpose, lightweight C library. The Base64 encoding and decoding functions in the glib library do not allocate memory correctly when processing very long strings. In all cases they allocate heap memory using a length computed from a user-supplied value: g_malloc(user_supplied_length * 3 / 4 + some_small_num). Because of the order in which the arithmetic is evaluated, the length is multiplied by 3 before it is divided by 4, so the computed allocation size can overflow, resulting in an under-allocated region. GNOME glib >= 2.12 stable; GNOME glib >= 2.11 unstable. Vendor patch: GNOME. The vendor has released upgrade patches that fix this security issue; download them from the vendor's homepage:
  • http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff
  • http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
  • http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff
  • http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff
  • http://ocert.org/patches/2008-015/libsoup-base64-CVE-2009-0585.diff
id: SSV:4913
last seen: 2017-11-19
modified: 2009-03-14
published: 2009-03-14
reporter: Root
title: GNOME glib Base64 encoding and decoding multiple integer overflow vulnerabilities