Vulnerabilities > CVE-2009-2416 - Use After Free vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
6
Application
Google
47
Application
Apple
85
Application
Vmware
2
Application
Sun
10
OS
Fedoraproject
2
OS
Debian
1
OS
Redhat
3
OS
Canonical
4
OS
Apple
161
OS
Suse
3
OS
Opensuse
4
OS
Vmware
5

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42433
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42433
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42433);
      script_version("1.27");
    
      script_cve_id(
        "CVE-2007-5707",
        "CVE-2007-6698",
        "CVE-2008-0658",
        "CVE-2008-5161",
        "CVE-2009-0023",
        "CVE-2009-1191",
        "CVE-2009-1195",
        "CVE-2009-1574",
        "CVE-2009-1632",
        "CVE-2009-1890",
        "CVE-2009-1891",
        "CVE-2009-1955",
        "CVE-2009-1956",
        "CVE-2009-2408",
        "CVE-2009-2409",
        "CVE-2009-2411",
        "CVE-2009-2412",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2666",
        "CVE-2009-2808",
        "CVE-2009-2818",
        "CVE-2009-2819",
        "CVE-2009-2820",
        "CVE-2009-2823",
        "CVE-2009-2824",
        "CVE-2009-2825",
        "CVE-2009-2826",
        "CVE-2009-2827",
        "CVE-2009-2828",
        "CVE-2009-2829",
        "CVE-2009-2831",
        "CVE-2009-2832",
        "CVE-2009-2833",
        "CVE-2009-2834",
        "CVE-2009-2837",
        "CVE-2009-2838",
        "CVE-2009-2839",
        "CVE-2009-2840",
        "CVE-2009-3111",
        "CVE-2009-3291",
        "CVE-2009-3292",
        "CVE-2009-3293"
      );
      script_bugtraq_id(
        26245,
        27778,
        34663,
        35115,
        35221,
        35251,
        35565,
        35623,
        35888,
        35983,
        36263,
        36449,
        36959,
        36961,
        36962,
        36963,
        36964,
        36966,
        36967,
        36972,
        36973,
        36975,
        36977,
        36978,
        36979,
        36982,
        36985,
        36988,
        36990
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
      script_summary(english:"Check for the presence of Security Update 2009-006");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2009-006 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Client
      - Adaptive Firewall
      - Apache
      - Apache Portable Runtime
      - ATS
      - Certificate Assistant
      - CoreGraphics
      - CUPS
      - Dictionary
      - DirectoryService
      - Disk Images
      - Event Monitor
      - fetchmail
      - FTP Server
      - Help Viewer
      - International Components for Unicode
      - IOKit
      - IPSec
      - libsecurity
      - libxml
      - OpenLDAP
      - OpenSSH
      - PHP
      - QuickDraw Manager
      - QuickLook
      - FreeRADIUS
      - Screen Sharing
      - Spotlight
      - Subversion"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3937"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18255"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-006 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
      script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyWindows
    NASL idSAFARI_4_0_4.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues : - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804) - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the
    last seen2020-06-01
    modified2020-06-02
    plugin id42478
    published2009-11-12
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42478
    titleSafari < 4.0.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42478);
      script_version("1.16");
    
      script_cve_id(
        "CVE-2009-2804",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2816",
        "CVE-2009-2842",
        "CVE-2009-3384"
      );
      script_bugtraq_id(36357, 36994, 36995, 36997);
    
      script_name(english:"Safari < 4.0.4 Multiple Vulnerabilities");
      script_summary(english:"Checks Safari's version number");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The version of Safari installed on the remote Windows host is earlier
    than 4.0.4.  Such versions are potentially affected by several 
    issues :
    
      - An integer overflow in the handling of images with an
        embedded color profile could lead to a crash or 
        arbitrary code execution. (CVE-2009-2804)
    
      - Multiple use-after-free issues exist in libxml2, the
        most serious of which could lead to a program crash.
        (CVE-2009-2414, CVE-2009-2416)
    
      - An issue in the handling of navigations initiated via 
        the 'Open Image in New Tab', 'Open Image in New Window'
        or 'Open Link in New Tab' shortcut menu options could
        be exploited to load a local HTML file, leading to
        disclosure of sensitive information. (CVE-2009-2842)
    
      - An issue involving WebKit's inclusion of custom HTTP
        headers specified by a requesting page in preflight
        requests in support of Cross-Origin Resource Sharing
        can facilitate cross-site request forgery attacks. 
        (CVE-2009-2816)
    
      - Multiple issues in WebKit's handling of FTP directory 
        listings may lead to information disclosure, unexpected
        application termination, or execution of arbitrary 
        code. (CVE-2009-3384)"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3949"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18277"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Safari 4.0.4 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189, 352, 399);
      script_set_attribute(
        attribute:"vuln_publication_date", 
        value:"2009/11/11"
      );
      script_set_attribute(
        attribute:"patch_publication_date", 
        value:"2009/11/11"
      );
      script_set_attribute(
        attribute:"plugin_publication_date", 
        value:"2009/11/12"
      );
     script_cvs_date("Date: 2018/07/27 18:38:15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    path = get_kb_item("SMB/Safari/Path");
    version = get_kb_item("SMB/Safari/FileVersion");
    if (isnull(version)) exit(0);
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (
      ver[0] < 5 ||
      (
        ver[0] == 5 &&
        (
          ver[1] < 31 ||
          (
            ver[1] == 31 && 
            (
              ver[2] < 21 ||
              (ver[2] == 21 && ver[3] < 10)
            )
          )
        )
      )
    )
    {
      if (report_verbosity > 0)
      {
        if (isnull(path)) path = "n/a";
    
        prod_version = get_kb_item("SMB/Safari/ProductVersion");
        if (!isnull(prod_version)) version = prod_version;
    
        report = string(
          "\n",
          "Nessus collected the following information about the current install\n",
          "of Safari on the remote host :\n",
          "\n",
          "  Version : ", version, "\n",
          "  Path    : ", path, "\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI4_0_4.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues : - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the
    last seen2020-06-01
    modified2020-06-02
    plugin id42477
    published2009-11-12
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42477
    titleMac OS X : Apple Safari < 4.0.4
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42477);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2816",
        "CVE-2009-2841",
        "CVE-2009-2842"
      );
      script_bugtraq_id(36994, 36996, 36997);
    
      script_name(english:"Mac OS X : Apple Safari < 4.0.4");
      script_summary(english:"Check the Safari SourceVersion");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The version of Apple Safari installed on the remote Mac OS X host is
    earlier than 4.0.4.  As such, it is potentially affected by several
    issues :
    
      - Multiple use-after-free issues exist in libxml2, the
        most serious of which could lead to a program crash.
        (CVE-2009-2414, CVE-2009-2416)
    
      - An issue in the handling of navigations initiated via 
        the 'Open Image in New Tab', 'Open Image in New Window'
        or 'Open Link in New Tab' shortcut menu options could
        be exploited to load a local HTML file, leading to
        disclosure of sensitive information. (CVE-2009-2842)
    
      - An issue involving WebKit's inclusion of custom HTTP
        headers specified by a requesting page in preflight
        requests in support of Cross-Origin Resource Sharing
        can facilitate cross-site request forgery attacks. 
        (CVE-2009-2816)
    
      - WebKit fails to issue a resource load callback to 
        determine if a resource should be loaded when it
        encounters an HTML 5 Media Element pointing to an 
        external resource, which could lead to undesired
        requests to remote servers. (CVE-2009-2841)"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3949"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18277"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 4.0.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 352, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
     
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
     
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    uname = get_kb_item_or_exit("Host/uname");
    if (!egrep(pattern:"Darwin.* (8\.|9\.[0-8]\.|10\.)", string:uname)) audit(AUDIT_OS_NOT, "Mac OS X 10.4 / 10.5 / 10.6");
    
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    fixed_version = "4.0.4";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:'www/0/XSRF', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report = 
          '\n  Installed version : ' + version + 
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1859.NASL
    descriptionRauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document.
    last seen2020-06-01
    modified2020-06-02
    plugin id44724
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44724
    titleDebian DSA-1859-1 : libxml2 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12469.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416)
    last seen2020-06-01
    modified2020-06-02
    plugin id41319
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41319
    titleSuSE9 Security Update : libxml2 (YOU Patch Number 12469)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090810_LIBXML_AND_LIBXML2_ON_SL3_X.NASL
    descriptionCVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provid a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60637
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60637
    titleScientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBXML2-090807.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id40573
    published2009-08-12
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40573
    titleopenSUSE Security Update : libxml2 (libxml2-1175)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201009-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201009-07 (libxml2: Denial of Service) The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework: Two use-after-free vulnerabilities are possible when parsing a XML file with Notation or Enumeration attribute types (CVE-2009-2416). A stack consumption vulnerability can be triggered via a large depth of element declarations in a DTD, related to a function recursion (CVE-2009-2414). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id49636
    published2010-09-22
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49636
    titleGLSA-201009-07 : libxml2: Denial of Service
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8580.NASL
    descriptiontwo patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40602
    published2009-08-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40602
    titleFedora 11 : mingw32-libxml2-2.7.3-2.fc11 (2009-8580)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1206.NASL
    descriptionFrom Red Hat Security Advisory 2009:1206 : Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67909
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67909
    titleOracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBXML2-090807.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id40575
    published2009-08-12
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40575
    titleopenSUSE Security Update : libxml2 (libxml2-1175)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML-6482.NASL
    descriptionThis update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id51756
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51756
    titleSuSE 10 Security Update : libxml (ZYPP Patch Number 6482)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-6405.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id42021
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42021
    titleopenSUSE 10 Security Update : libxml2 (libxml2-6405)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42434
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42434
    titleMac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBXML-090908.NASL
    descriptionThis update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id41002
    published2009-09-17
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41002
    titleopenSUSE Security Update : libxml (libxml-1278)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBXML2-090807.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416)
    last seen2020-06-01
    modified2020-06-02
    plugin id41436
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41436
    titleSuSE 11 Security Update : libxml2 (SAT Patch Number 1177)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1206.NASL
    descriptionUpdated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40544
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40544
    titleRHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0018.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933
    last seen2020-06-01
    modified2020-06-02
    plugin id79462
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79462
    titleOracleVM 2.1 : libxml2 (OVMSA-2009-0018)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8491.NASL
    descriptiontwo patches for parsing problems raised by ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40569
    published2009-08-12
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40569
    titleFedora 10 : libxml2-2.7.3-2.fc10 (2009-8491)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1861.NASL
    descriptionRauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document.
    last seen2020-06-01
    modified2020-06-02
    plugin id44726
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44726
    titleDebian DSA-1861-1 : libxml - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12504.NASL
    descriptionThis update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id41325
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41325
    titleSuSE9 Security Update : libxml.rpm (YOU Patch Number 12504)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8498.NASL
    descriptiontwo patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40570
    published2009-08-12
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40570
    titleFedora 11 : libxml2-2.7.3-3.fc11 (2009-8498)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1206.NASL
    descriptionUpdated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40533
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40533
    titleCentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-200.NASL
    descriptionMultiple vulnerabilities has been found and corrected in libxml : Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id40584
    published2009-08-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40584
    titleMandriva Linux Security Advisory : libxml (MDVSA-2009:200-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML-6477.NASL
    descriptionThis update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id42020
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42020
    titleopenSUSE 10 Security Update : libxml (libxml-6477)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CE4B3AF80B7C11E1846B00235409FD3E.NASL
    descriptionMultiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file.
    last seen2020-06-01
    modified2020-06-02
    plugin id56773
    published2011-11-11
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56773
    titleFreeBSD : libxml -- Multiple use-after-free vulnerabilities (ce4b3af8-0b7c-11e1-846b-00235409fd3e)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-815-1.NASL
    descriptionIt was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40576
    published2009-08-12
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40576
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8582.NASL
    descriptionThis update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40603
    published2009-08-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40603
    titleFedora 11 : libxml-1.8.17-24.fc11 (2009-8582)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8594.NASL
    descriptionThis update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40604
    published2009-08-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40604
    titleFedora 10 : libxml-1.8.17-24.fc10 (2009-8594)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_2_0_172_43.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 2.0.172.43. Such versions are reportedly affected by multiple issues : - A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935) - The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (Issue #18725) - A stack consumption vulnerability in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2414) - Multiple use-after-free vulnerabilities in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2416)
    last seen2020-06-01
    modified2020-06-02
    plugin id40778
    published2009-08-26
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40778
    titleGoogle Chrome < 2.0.172.43 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBXML-090908.NASL
    descriptionThis update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen2020-06-01
    modified2020-06-02
    plugin id41004
    published2009-09-17
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41004
    titleopenSUSE Security Update : libxml (libxml-1278)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-6403.NASL
    descriptionThis update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416)
    last seen2020-06-01
    modified2020-06-02
    plugin id41557
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41557
    titleSuSE 10 Security Update : libxml2 (ZYPP Patch Number 6403)

Oval

  • accepted2014-01-20T04:01:36.835-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMWare ESX Server 3.0.3 is installed
      ovaloval:org.mitre.oval:def:6026
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
    familyunix
    idoval:org.mitre.oval:def:7783
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware libxml2 use-after-free vulnerability
    version7
  • accepted2013-04-29T04:18:37.597-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
    familyunix
    idoval:org.mitre.oval:def:9262
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
    version28

Redhat

advisories
bugzilla
id515205
titleCVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibxml2 is earlier than 0:2.6.16-12.7
          ovaloval:com.redhat.rhsa:tst:20091206001
        • commentlibxml2 is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032004
      • AND
        • commentlibxml2-python is earlier than 0:2.6.16-12.7
          ovaloval:com.redhat.rhsa:tst:20091206003
        • commentlibxml2-python is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032006
      • AND
        • commentlibxml2-devel is earlier than 0:2.6.16-12.7
          ovaloval:com.redhat.rhsa:tst:20091206005
        • commentlibxml2-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibxml2 is earlier than 0:2.6.26-2.1.2.8
          ovaloval:com.redhat.rhsa:tst:20091206008
        • commentlibxml2 is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032013
      • AND
        • commentlibxml2-devel is earlier than 0:2.6.26-2.1.2.8
          ovaloval:com.redhat.rhsa:tst:20091206010
        • commentlibxml2-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032009
      • AND
        • commentlibxml2-python is earlier than 0:2.6.26-2.1.2.8
          ovaloval:com.redhat.rhsa:tst:20091206012
        • commentlibxml2-python is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032011
rhsa
idRHSA-2009:1206
released2009-08-10
severityModerate
titleRHSA-2009:1206: libxml and libxml2 security update (Moderate)
rpms
  • libxml-1:1.8.17-9.3
  • libxml-debuginfo-1:1.8.17-9.3
  • libxml-devel-1:1.8.17-9.3
  • libxml2-0:2.5.10-15
  • libxml2-0:2.6.16-12.7
  • libxml2-0:2.6.26-2.1.2.8
  • libxml2-debuginfo-0:2.5.10-15
  • libxml2-debuginfo-0:2.6.16-12.7
  • libxml2-debuginfo-0:2.6.26-2.1.2.8
  • libxml2-devel-0:2.5.10-15
  • libxml2-devel-0:2.6.16-12.7
  • libxml2-devel-0:2.6.26-2.1.2.8
  • libxml2-python-0:2.5.10-15
  • libxml2-python-0:2.6.16-12.7
  • libxml2-python-0:2.6.26-2.1.2.8

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 36010 CVE(CAN) ID: CVE-2009-2414,CVE-2009-2416 libxml2软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。 libxml库处理DTD中根XML文档元素定义的方式存在栈溢出漏洞,解析Notation和Enumeration属性类型的方式存在多个释放后使用漏洞。远程攻击者可以提供特制的XML文件,如果本地用户受骗打开了该文件,就会导致拒绝服务(应用程序崩溃)。 XMLSoft Libxml2 &lt;= 2.6.26 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1206-01)以及相应补丁: RHSA-2009:1206-01:Moderate: libxml and libxml2 security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1206.html
    idSSV:12038
    last seen2017-11-19
    modified2009-08-12
    published2009-08-12
    reporterRoot
    titlelibxml2栈溢出和释放后使用拒绝漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 36357,36010,36994,36995,36997,36996 CVE ID: CVE-2009-2804,CVE-2009-2414,CVE-2009-2416,CVE-2009-2842,CVE-2009-2816,CVE-2009-3384,CVE-2009-2841 Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器。 远程攻击者可以利用Safari浏览器中的多个错误导致拒绝服务、读取敏感信息或执行任意代码。 CVE-2009-2804 处理包含有嵌入式颜色配置文件的图形时存在可导致堆溢出的整数溢出,用户受骗打开恶意图形就可能导致浏览器崩溃或执行任意代码。 CVE-2009-2414,CVE-2009-2416 libxml2库中的多个释放后使用漏洞可能导致浏览器意外终止。 CVE-2009-2842 Safari处理通过“在新标签页中打开图形”、“在新窗口中打开图形”或“在新标签页中打开链接”快捷菜单选项所初始化的导航时存在漏洞,对恶意网站使用这些选项可能加载本地HTM文件,导致泄漏敏感信息。 CVE-2009-2816 WebKit实现跨源资源共享的方式存在漏洞。在允许一个源的页面访问另一个源中资源之前,WebKit向后者服务器发送了preflight请求。由于WebKit包含有preflight所请求页面指定的自定义HTTP头,这有利于跨站请求伪造攻击。 CVE-2009-3384 WebKit处理FTP列出目录方式存在多个漏洞,访问恶意的FTP服务器可能导致信息泄露、浏览器意外终止或执行任意代码。 CVE-2009-2841 WebKit遇到指向外部资源的HTML 5媒体元素时没有发布资源加载回调来判断是否应加装资源,这可能导致对远程服务器的非预期请求。例如,HTML格式邮件的发件人可以判断消息是否已读。 Apple Safari 4.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com/safari/download/
    idSSV:12627
    last seen2017-11-19
    modified2009-11-13
    published2009-11-13
    reporterRoot
    titleSafari 4.0.4版本修复多个安全漏洞

References