Vulnerabilities > CVE-2009-2416 - Use After Free vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code
#
# (C) Tenable Network Security, Inc.
#

# Local check for Apple Security Update 2009-006 on Darwin 9.x hosts.
#
# What the visible code does:
#   - reads the cached 'Host/uname' string and extracts the Darwin kernel
#     version from it;
#   - for Darwin 9.0.x through 9.8.x only, searches the cached package list
#     ('Host/MacOSX/packages/boms') for a security-update receipt numbered
#     2009.006 to 2009.009, or any update from the years 2010 to 2099;
#   - reports a finding when no such receipt is present.
#
# NOTE(review): the verdict comes from the package receipt alone; nothing in
# this script inspects libxml or any other patched component directly.
# NOTE(review): the CVSS vectors and the exploit_available /
# exploited_by_malware attributes are set once for the whole bundle of CVE ids
# listed below. They are not the rating of any single entry: the summary at
# the top of this page gives CVE-2009-2416 an availability-only impact.

# Exit with status 0 unless bn_random() is defined and NASL_LEVEL is at least
# 3000. NOTE(review): presumably an engine-capability gate; the reason is not
# visible here.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Registration branch: declares the plugin metadata and exits without testing
# anything.
if (description)
{
  script_id(42433);
  script_version("1.27");

  script_cve_id(
    "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161",
    "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574",
    "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955",
    "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411",
    "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666",
    "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820",
    "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826",
    "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831",
    "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837",
    "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111",
    "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293"
  );
  script_bugtraq_id(
    26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983,
    36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972,
    36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990
  );

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
  script_summary(english:"Check for the presence of Security Update 2009-006");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host is missing a Mac OS X update that fixes various security issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/18255"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install Security Update 2009-006 or later."
  );
  # Severity and exploitability metadata for the bundle as a whole.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
  script_cvs_date("Date: 2018/07/16 12:48:31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): 'Host/MacOSX/packages' is required here, while the check
  # below reads 'Host/MacOSX/packages/boms'. If the boms item is absent the
  # run ends with exit code 1 and no finding, so such hosts need a follow-up.
  script_require_keys("Host/MacOSX/packages", "Host/uname");

  exit(0);
}

# Without the cached uname string no version can be derived: exit code 1.
uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

# The capture group is the dotted number that follows "Darwin" in the uname
# output; ereg_replace() keeps only that group.
pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
# Only Darwin 9.0.x to 9.8.x is examined; the pattern needs a dot after the
# minor number. NOTE(review): presumably these are the kernels of the
# Mac OS X 10.5 line named in the description - confirm.
if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

  # A receipt for 2009.006-2009.009, or for any update dated 2010-2099,
  # counts as fixed; otherwise the finding is raised on port 0.
  if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
    exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
  else
    security_hole(0);
}
# Every other Darwin version is reported as not affected by this check. The
# message string below is wrapped exactly where the page wraps it.
else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not 
affected.");
NASL family Windows NASL id SAFARI_4_0_4.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues : - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804) - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the last seen 2020-06-01 modified 2020-06-02 plugin id 42478 published 2009-11-12 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42478 title Safari < 4.0.4 Multiple Vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#

# Version check for Safari on Windows.
#
# What the visible code does:
#   - reads the cached file version ('SMB/Safari/FileVersion') and install
#     path ('SMB/Safari/Path');
#   - splits the version on '.', converts each component to an integer and
#     compares the first four against 5.31.21.10;
#   - reports a finding for anything lower, with version and path in the
#     report text when report_verbosity is above 0.
#
# NOTE(review): the decision is made from the recorded file version only; the
# bundled libxml2 is not examined. The CVSS vector below rates the whole set
# of CVE ids in this plugin, not CVE-2009-2416 on its own.

include("compat.inc");

# Registration branch: declares the plugin metadata and exits without testing
# anything.
if (description)
{
  script_id(42478);
  script_version("1.16");

  script_cve_id(
    "CVE-2009-2804",
    "CVE-2009-2414",
    "CVE-2009-2416",
    "CVE-2009-2816",
    "CVE-2009-2842",
    "CVE-2009-3384"
  );
  script_bugtraq_id(36357, 36994, 36995, 36997);

  script_name(english:"Safari < 4.0.4 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several vulnerabilities."
  );
  # The description string below is wrapped exactly where the page wraps it.
  script_set_attribute(
    attribute:"description",
    value:
"The version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues : - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804) - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. 
(CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. (CVE-2009-2842) - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816) - Multiple issues in WebKit's handling of FTP directory listings may lead to information disclosure, unexpected application termination, or execution of arbitrary code. (CVE-2009-3384)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/18277"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Safari 4.0.4 or later."
  );
  # Severity and exploitability metadata for the bundle as a whole.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 352, 399);
  script_set_attribute(
    attribute:"vuln_publication_date",
    value:"2009/11/11"
  );
  script_set_attribute(
    attribute:"patch_publication_date",
    value:"2009/11/11"
  );
  script_set_attribute(
    attribute:"plugin_publication_date",
    value:"2009/11/12"
  );
  script_cvs_date("Date: 2018/07/27 18:38:15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}

include("global_settings.inc");

path = get_kb_item("SMB/Safari/Path");
version = get_kb_item("SMB/Safari/FileVersion");
# No recorded version: exits with status 0 and no message, so the absence of
# a finding does not by itself show that the host is patched.
if (isnull(version)) exit(0);

# Turn "a.b.c.d" into integers so the comparison below is numeric.
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Flags every file version lower than 5.31.21.10.
# NOTE(review): presumably the file version shipped as Safari 4.0.4 - confirm.
if (
  ver[0] < 5 ||
  (
    ver[0] == 5 &&
    (
      ver[1] < 31 ||
      (
        ver[1] == 31 &&
        (
          ver[2] < 21 ||
          (ver[2] == 21 && ver[3] < 10)
        )
      )
    )
  )
)
{
  if (report_verbosity > 0)
  {
    if (isnull(path)) path = "n/a";

    # The report shows the product version when one is recorded; the
    # comparison above still used the file version.
    prod_version = get_kb_item("SMB/Safari/ProductVersion");
    if (!isnull(prod_version)) version = prod_version;

    report = string(
      "\n",
      "Nessus collected the following information about the current install\n",
      "of Safari on the remote host :\n",
      "\n",
      " Version : ", version, "\n",
      " Path : ", path, "\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0_4.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues : - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the last seen 2020-06-01 modified 2020-06-02 plugin id 42477 published 2009-11-12 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42477 title Mac OS X : Apple Safari < 4.0.4 code
#
# (C) Tenable Network Security, Inc.
#

# Version check for Apple Safari on Mac OS X.
#
# What the visible code does:
#   - stops unless local checks are enabled and a Mac OS X version is cached;
#   - accepts only uname strings that match Darwin 8.x, 9.0.x-9.8.x or 10.x;
#   - reads the cached Safari path and version and compares the version with
#     the fixed version "4.0.4";
#   - on a lower version, sets the 'www/0/XSRF' KB flag and reports on port 0.
#
# NOTE(review): the decision is made from the recorded Safari version only;
# the libxml2 code itself is not examined. The CVSS vector below rates the
# whole set of CVE ids in this plugin, not CVE-2009-2416 on its own.

include("compat.inc");

# Registration branch: declares the plugin metadata and exits without testing
# anything.
if (description)
{
  script_id(42477);
  script_version("1.21");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id(
    "CVE-2009-2414",
    "CVE-2009-2416",
    "CVE-2009-2816",
    "CVE-2009-2841",
    "CVE-2009-2842"
  );
  script_bugtraq_id(36994, 36996, 36997);

  script_name(english:"Mac OS X : Apple Safari < 4.0.4");
  script_summary(english:"Check the Safari SourceVersion");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several vulnerabilities."
  );
  # The description string below is wrapped exactly where the page wraps it.
  script_set_attribute(
    attribute:"description",
    value:
"The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues : - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. 
(CVE-2009-2842) - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816) - WebKit fails to issue a resource load callback to determine if a resource should be loaded when it encounters an HTML 5 Media Element pointing to an external resource, which could lead to undesired requests to remote servers. (CVE-2009-2841)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/18277"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 4.0.4 or later.");
  # Severity and exploitability metadata for the bundle as a whole.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 352, 399);
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/12");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Preconditions: each failure ends the run without a finding, so a host that
# lacks these KB items is untested rather than confirmed clean.
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

# NOTE(review): get_kb_item_or_exit() comes from an include that is not shown;
# presumably it ends the run when the item is missing.
uname = get_kb_item_or_exit("Host/uname");
# Accepts Darwin 8.x, 9.0.x-9.8.x and 10.x; the audit text names these as
# Mac OS X 10.4 / 10.5 / 10.6.
if (!egrep(pattern:"Darwin.* (8\.|9\.[0-8]\.|10\.)", string:uname)) audit(AUDIT_OS_NOT, "Mac OS X 10.4 / 10.5 / 10.6");

get_kb_item_or_exit("MacOSX/Safari/Installed");
# 'path' is read here but not used again in the visible code.
path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

fixed_version = "4.0.4";

# A finding is raised only when ver_compare() returns -1.
# NOTE(review): presumably that means installed < fixed - confirm against the
# helper's definition.
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  # Records the 'www/0/XSRF' KB flag before reporting.
  # NOTE(review): presumably tied to the request-forgery issue in the bundle
  # (CVE-2009-2816); how other plugins use the flag is not visible here.
  set_kb_item(name:'www/0/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1859.NASL description Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. last seen 2020-06-01 modified 2020-06-02 plugin id 44724 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44724 title Debian DSA-1859-1 : libxml2 - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE9_12469.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) last seen 2020-06-01 modified 2020-06-02 plugin id 41319 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/41319 title SuSE9 Security Update : libxml2 (YOU Patch Number 12469) NASL family Scientific Linux Local Security Checks NASL id SL_20090810_LIBXML_AND_LIBXML2_ON_SL3_X.NASL description CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60637 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60637 title Scientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBXML2-090807.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 40573 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40573 title openSUSE Security Update : libxml2 (libxml2-1175) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201009-07.NASL description The remote host is affected by the vulnerability described in GLSA-201009-07 (libxml2: Denial of Service) The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework: Two use-after-free vulnerabilities are possible when parsing a XML file with Notation or Enumeration attribute types (CVE-2009-2416). A stack consumption vulnerability can be triggered via a large depth of element declarations in a DTD, related to a function recursion (CVE-2009-2414). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 49636 published 2010-09-22 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49636 title GLSA-201009-07 : libxml2: Denial of Service NASL family Fedora Local Security Checks NASL id FEDORA_2009-8580.NASL description two patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40602 published 2009-08-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40602 title Fedora 11 : mingw32-libxml2-2.7.3-2.fc11 (2009-8580) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1206.NASL description From Red Hat Security Advisory 2009:1206 : Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67909 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67909 title Oracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206) NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBXML2-090807.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 40575 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40575 title openSUSE Security Update : libxml2 (libxml2-1175) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML-6482.NASL description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 51756 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51756 title SuSE 10 Security Update : libxml (ZYPP Patch Number 6482) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-6405.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 42021 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42021 title openSUSE 10 Security Update : libxml2 (libxml2-6405) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_2.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. 
Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42434 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42434 title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBXML-090908.NASL description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 41002 published 2009-09-17 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41002 title openSUSE Security Update : libxml (libxml-1278) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXML2-090807.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) last seen 2020-06-01 modified 2020-06-02 plugin id 41436 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41436 title SuSE 11 Security Update : libxml2 (SAT Patch Number 1177) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1206.NASL description Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 
libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 40544 published 2009-08-11 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/40544 title RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2009-0018.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933 last seen 2020-06-01 modified 2020-06-02 plugin id 79462 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79462 title OracleVM 2.1 : libxml2 (OVMSA-2009-0018) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8491.NASL description two patches for parsing problems raised by ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40569 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40569 title Fedora 10 : libxml2-2.7.3-2.fc10 (2009-8491) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1861.NASL description Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. last seen 2020-06-01 modified 2020-06-02 plugin id 44726 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44726 title Debian DSA-1861-1 : libxml - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE9_12504.NASL description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 41325 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/41325 title SuSE9 Security Update : libxml.rpm (YOU Patch Number 12504) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8498.NASL description two patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40570 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40570 title Fedora 11 : libxml2-2.7.3-3.fc11 (2009-8498) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0016.NASL description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 42870 published 2009-11-23 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42870 title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1206.NASL description Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). 
(CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 40533 published 2009-08-11 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40533 title CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-200.NASL description Multiple vulnerabilities have been found and corrected in libxml : Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. 
Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 40584 published 2009-08-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40584 title Mandriva Linux Security Advisory : libxml (MDVSA-2009:200-1) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML-6477.NASL description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 42020 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42020 title openSUSE 10 Security Update : libxml (libxml-6477) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CE4B3AF80B7C11E1846B00235409FD3E.NASL description Multiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file. last seen 2020-06-01 modified 2020-06-02 plugin id 56773 published 2011-11-11 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56773 title FreeBSD : libxml -- Multiple use-after-free vulnerabilities (ce4b3af8-0b7c-11e1-846b-00235409fd3e) NASL family Misc. NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. 
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start last seen 2020-06-01 modified 2020-06-02 plugin id 89117 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89117 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-815-1.NASL description It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529). 
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40576 published 2009-08-12 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40576 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8582.NASL description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40603 published 2009-08-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40603 title Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8594.NASL description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40604 published 2009-08-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40604 title Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594) NASL family Windows NASL id GOOGLE_CHROME_2_0_172_43.NASL description The version of Google Chrome installed on the remote host is earlier than 2.0.172.43. Such versions are reportedly affected by multiple issues : - A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935) - The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able to exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (Issue #18725) - A stack consumption vulnerability in the libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code within the Google Chrome sandbox. 
(CVE-2009-2414) - Multiple use-after-free vulnerabilities in the libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2416) last seen 2020-06-01 modified 2020-06-02 plugin id 40778 published 2009-08-26 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40778 title Google Chrome < 2.0.172.43 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBXML-090908.NASL description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414) last seen 2020-06-01 modified 2020-06-02 plugin id 41004 published 2009-09-17 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41004 title openSUSE Security Update : libxml (libxml-1278) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-6403.NASL description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) last seen 2020-06-01 modified 2020-06-02 plugin id 41557 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41557 title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 6403)
Oval
accepted 2014-01-20T04:01:36.835-05:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard name Chris Coffin organization The MITRE Corporation
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887 comment VMware ESX Server 4.0 is installed oval oval:org.mitre.oval:def:6293
description Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. family unix id oval:org.mitre.oval:def:7783 status accepted submitted 2010-03-19T16:57:59.000-04:00 title VMware libxml2 use-after-free vulnerability version 7 accepted 2013-04-29T04:18:37.597-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. family unix id oval:org.mitre.oval:def:9262 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. version 28
Redhat
advisories |
rpms |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 36010 CVE(CAN) ID: CVE-2009-2414,CVE-2009-2416 libxml2软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。 libxml库处理DTD中根XML文档元素定义的方式存在栈溢出漏洞,解析Notation和Enumeration属性类型的方式存在多个释放后使用漏洞。远程攻击者可以提供特制的XML文件,如果本地用户受骗打开了该文件,就会导致拒绝服务(应用程序崩溃)。 XMLSoft Libxml2 <= 2.6.26 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1206-01)以及相应补丁: RHSA-2009:1206-01:Moderate: libxml and libxml2 security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1206.html id SSV:12038 last seen 2017-11-19 modified 2009-08-12 published 2009-08-12 reporter Root title libxml2栈溢出和释放后使用拒绝漏洞 bulletinFamily exploit description BUGTRAQ ID: 36357,36010,36994,36995,36997,36996 CVE ID: CVE-2009-2804,CVE-2009-2414,CVE-2009-2416,CVE-2009-2842,CVE-2009-2816,CVE-2009-3384,CVE-2009-2841 Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器。 远程攻击者可以利用Safari浏览器中的多个错误导致拒绝服务、读取敏感信息或执行任意代码。 CVE-2009-2804 处理包含有嵌入式颜色配置文件的图形时存在可导致堆溢出的整数溢出,用户受骗打开恶意图形就可能导致浏览器崩溃或执行任意代码。 CVE-2009-2414,CVE-2009-2416 libxml2库中的多个释放后使用漏洞可能导致浏览器意外终止。 CVE-2009-2842 Safari处理通过“在新标签页中打开图形”、“在新窗口中打开图形”或“在新标签页中打开链接”快捷菜单选项所初始化的导航时存在漏洞,对恶意网站使用这些选项可能加载本地HTM文件,导致泄漏敏感信息。 CVE-2009-2816 WebKit实现跨源资源共享的方式存在漏洞。在允许一个源的页面访问另一个源中资源之前,WebKit向后者服务器发送了preflight请求。由于WebKit包含有preflight所请求页面指定的自定义HTTP头,这有利于跨站请求伪造攻击。 CVE-2009-3384 WebKit处理FTP列出目录方式存在多个漏洞,访问恶意的FTP服务器可能导致信息泄露、浏览器意外终止或执行任意代码。 CVE-2009-2841 WebKit遇到指向外部资源的HTML 5媒体元素时没有发布资源加载回调来判断是否应加装资源,这可能导致对远程服务器的非预期请求。例如,HTML格式邮件的发件人可以判断消息是否已读。 Apple Safari 4.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com/safari/download/ id SSV:12627 last seen 2017-11-19 modified 2009-11-13 published 2009-11-13 reporter Root title Safari 4.0.4版本修复多个安全漏洞
References
- http://www.cert.fi/en/reports/2009/vulnerability2009085.html
- https://bugzilla.redhat.com/show_bug.cgi?id=515205
- http://www.codenomicon.com/labs/xml/
- http://www.securityfocus.com/bid/36010
- http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
- http://www.debian.org/security/2009/dsa-1859
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
- http://www.ubuntu.com/usn/USN-815-1
- http://secunia.com/advisories/36338
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
- http://secunia.com/advisories/36417
- http://secunia.com/advisories/36207
- http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
- http://www.vupen.com/english/advisories/2009/2420
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://support.apple.com/kb/HT3937
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
- http://support.apple.com/kb/HT3949
- http://www.vupen.com/english/advisories/2009/3184
- http://www.vupen.com/english/advisories/2009/3217
- http://www.vupen.com/english/advisories/2009/3316
- http://secunia.com/advisories/37471
- http://secunia.com/advisories/37346
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://support.apple.com/kb/HT4225
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://secunia.com/advisories/36631
- http://secunia.com/advisories/35036
- http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
- https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html