Vulnerabilities > CVE-2012-0876 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Nessus

  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - bind - expat - nspr and nss - python - vSphere API
    last seen2020-06-01
    modified2020-06-02
    plugin id89039
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89039
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89039);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/19");
    
      script_cve_id(
        "CVE-2011-4940",
        "CVE-2011-4944",
        "CVE-2012-0441",
        "CVE-2012-0876",
        "CVE-2012-1033",
        "CVE-2012-1148",
        "CVE-2012-1150",
        "CVE-2012-1667",
        "CVE-2012-3817",
        "CVE-2012-5703"
      );
      script_bugtraq_id(
        51239,
        51898,
        52379,
        52732,
        53772,
        54083,
        54658,
        56571
      );
      script_xref(name:"VMSA", value:"2012-0016");
    
      script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several components and
    third-party libraries :
    
      - bind
      - expat
      - nspr and nss
      - python
      - vSphere API");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2012-0016.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.1 or ESXi version  4.1.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1667");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("Host/VMware/version");
    release = get_kb_item_or_exit("Host/VMware/release");
    port    = get_kb_item_or_exit("Host/VMware/vsphere");
    
    # Version + build map
    # https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508
    fixes = make_array();
    fixes["ESXi 4.1"] = 874690;
    fixes["ESX 4.1"]  = 874690;
    
    matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);
    if (empty_or_null(matches))
      exit(1, 'Failed to extract the ESX / ESXi build number.');
    
    type  = matches[1];
    build = int(matches[2]);
    
    fixed_build = fixes[version];
    
    if (!isnull(fixed_build) && build < fixed_build)
    {
      padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment
    
      report = '\n  ' + type + ' version' + padding + ': ' + version +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fixed_build +
               '\n';
    
      security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C9C252F52DEF11E6AE88002590263BF5.NASL
    descriptionSebastian Pipping reports : CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876.
    last seen2020-06-01
    modified2020-06-02
    plugin id91526
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91526
    titleFreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91526);
      script_version("2.7");
      script_cvs_date("Date: 2018/11/23 12:49:57");
    
      script_cve_id("CVE-2012-6702", "CVE-2016-5300");
    
      script_name(english:"FreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sebastian Pipping reports :
    
    CVE-2012-6702 -- Resolve troublesome internal call to srand that was
    introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496)
    
    CVE-2016-5300 -- Use more entropy for hash initialization than the
    original fix to CVE-2012-0876."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210155"
      );
      # https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a9e2354"
      );
      # http://www.openwall.com/lists/oss-security/2016/03/18/3
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2016/03/18/3"
      );
      # https://vuxml.freebsd.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eccb43af"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:expat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"expat<2.1.1_1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-117.NASL
    descriptionUpdated python packages fix security vulnerabilities : A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user
    last seen2020-06-01
    modified2020-06-02
    plugin id66129
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66129
    titleMandriva Linux Security Advisory : python (MDVSA-2013:117)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:117. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66129);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2011-4944");
      script_bugtraq_id(52732);
      script_xref(name:"MDVSA", value:"2013:117");
      script_xref(name:"MGASA", value:"2012-0170");
    
      script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2013:117)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages fix security vulnerabilities :
    
    A race condition was found in the way the Python distutils module set
    file permissions during the creation of the .pypirc file. If a local
    user had access to the home directory of another user who is running
    distutils, they could use this flaw to gain access to that user's
    .pypirc file, which can contain usernames and passwords for code
    repositories (CVE-2011-4944).
    
    Additionally, python has been built against the system expat and ffi
    libraries, to avoid any future issues with those (mitigates
    CVE-2012-0876 for expat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0160"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python-devel-2.7.3-4.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python2.7-2.7.3-4.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-2.7.3-4.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"python-docs-2.7.3-4.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-2.7.3-4.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-apps-2.7.3-4.3.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBEXPAT_20120918.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. (CVE-2012-0876) - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. (CVE-2012-1148)
    last seen2020-06-01
    modified2020-06-02
    plugin id80669
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80669
    titleOracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1613-2.NASL
    descriptionUSN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62620
    published2012-10-18
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62620
    titleUbuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-89.NASL
    descriptionA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)
    last seen2020-06-01
    modified2020-06-02
    plugin id69696
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69696
    titleAmazon Linux AMI : expat (ALAS-2012-89)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-097.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user
    last seen2020-06-01
    modified2020-06-02
    plugin id61956
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61956
    titleMandriva Linux Security Advisory : python (MDVSA-2012:097)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_EXPAT-8015.NASL
    descriptionThe following issues have been fixed : - expat was prone to a hash collision attack that could lead to excessive CPU usage. (CVE-2012-0876) - expat didn
    last seen2020-06-05
    modified2012-06-21
    plugin id59639
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59639
    titleSuSE 10 Security Update : expat (ZYPP Patch Number 8015)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2525.NASL
    descriptionIt was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.
    last seen2020-03-17
    modified2012-08-07
    plugin id61441
    published2012-08-07
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61441
    titleDebian DSA-2525-1 : expat - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1527-2.NASL
    descriptionUSN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62036
    published2012-09-11
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62036
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1527-1.NASL
    descriptionIt was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61485
    published2012-08-10
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61485
    titleUbuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0415-1.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97065
    published2017-02-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97065
    titleSUSE SLES11 Security Update : expat (SUSE-SU-2017:0415-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0424-1.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97080
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97080
    titleSUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:0424-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-124-01.NASL
    descriptionNew python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109583
    published2018-05-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109583
    titleSlackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-260.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-02-21
    plugin id97280
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97280
    titleopenSUSE Security Update : expat (openSUSE-2017-260)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16949.NASL
    descriptionCVE-2012-0876 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Impact These vulnerabilities allow context-dependent attackers to cause a denial-of-service (DoS) (CPU and/or memory consumption) by way of XML files.
    last seen2020-06-01
    modified2020-06-02
    plugin id86013
    published2015-09-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86013
    titleF5 Networks BIG-IP : Expat vulnerabilities (K16949)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11_2.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id87314
    published2015-12-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87314
    titleMac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_EXPAT-120424.NASL
    descriptionThis update of expat fixes the following bugs : - hash collision attack that could lead to exessive CPU usage. (CVE-2012-0876) - expat didn
    last seen2020-06-05
    modified2013-01-25
    plugin id64127
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64127
    titleSuSE 11.1 Security Update : expat (SAT Patch Number 6200)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201209-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201209-06 (Expat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted XML file in an application linked against Expat, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62287
    published2012-09-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62287
    titleGLSA-201209-06 : Expat: Multiple vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0016.NASL
    descriptiona. VMware vSphere API denial of service vulnerability The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. VMware would like to thank Sebastian Tello of Core Security Technologies for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. b. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1033, CVE-2012-1667, and CVE-2012-3817 to these issues. c. Update to ESX service console python packages The ESX service console Python packages are updated to the following versions : python-2.4.3-46.el5_8.2.x86_64 python-libs-2.4.3-46.el5_8.2.x86_64 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4940, CVE-2011-4944, and CVE-2012-1150 to these issues. d. Update to ESX service console expat package The ESX service console expat package is updated to expat-1.95.8-11.el5_8. This update fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0876 and CVE-2012-1148 to these issues. e. Update to ESX service console nspr and nss packages This patch updates the ESX service console Netscape Portable Runtime and Network Security Services RPMs to versions nspr-4.9.1.4.el5_8 and nss-3.13.5.4.9834, respectively, to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0441 to this issue. This patch also resolves a certificate trust issue caused by a fraudulent DigiNotar root certificate.
    last seen2020-06-01
    modified2020-06-02
    plugin id62944
    published2012-11-16
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62944
    titleVMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen2020-06-01
    modified2020-06-02
    plugin id79862
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79862
    titleESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1613-1.NASL
    descriptionIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62619
    published2012-10-18
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62619
    titleUbuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-508.NASL
    descriptionTwo related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 This issue was introduced when CVE-2012-0876 was addressed. Stefan S&oslash;rensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. CVE-2016-5300 This is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries. For Debian 7
    last seen2020-03-17
    modified2016-06-09
    plugin id91523
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91523
    titleDebian DLA-508-1 : expat security update
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_9.NASL
    descriptionThe remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB
    last seen2020-06-01
    modified2020-06-02
    plugin id70561
    published2013-10-23
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70561
    titleMac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1698.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126540
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126540
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1698)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-6996.NASL
    descriptionThis update includes expat 2.1.0, which fixes includes a fix for a security issue. A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. (CVE-2012-0876) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-05-16
    plugin id59101
    published2012-05-16
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59101
    titleFedora 15 : expat-2.1.0-1.fc15 (2012-6996)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9164F51EAE2011E7A633009C02A2AB30.NASL
    descriptionPython reports : Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id103796
    published2017-10-12
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103796
    titleFreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3597.NASL
    descriptionTwo related issues have been discovered in Expat, a C library for parsing XML. - CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sorensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. - CVE-2016-5300 It is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries.
    last seen2020-06-01
    modified2020-06-02
    plugin id91506
    published2016-06-08
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91506
    titleDebian DSA-3597-1 : expat - security update
  • NASL familyMisc.
    NASL idPVS_5_2_0.NASL
    descriptionThe version of Tenable Passive Vulnerability Scanner (PVS) installed on the remote host is 5.x < 5.2.0. It is, therefore, affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Expat within file xmlparse.c due to a logical error in hash computations. An unauthenticated, remote attacker can exploit these, via a specially crafted XML file containing many identifiers with the same value, to cause the service to exhaust CPU resources. (CVE-2012-0876, CVE-2016-5300) - A flaw exists in the generate_hash_secret_salt() function in file lib/xmlparse.c within Expat due to the generation of non-random output by the PRNG. An unauthenticated, remote attacker can exploit this to more easily predict the PRNG output. (CVE-2012-6702) - Multiple buffer overflow conditions exist within Expat, specifically in the XML_GetBuffer() function in file lib/xmlparse.c, due to improper validation of user-supplied input when handling compressed XML content. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) - Multiple buffer overflow conditions exist within the Expat XML parser when handling malformed input documents due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718, CVE-2016-0719) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit these to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id96337
    published2017-01-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96337
    titleTenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1742.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126869
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126869
    titleEulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1742)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-041.NASL
    descriptionA memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id58506
    published2012-03-28
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58506
    titleMandriva Linux Security Advisory : expat (MDVSA-2012:041)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-4936.NASL
    descriptionThis update includes expat 2.1.0, which fixes includes a fix for a security issue. A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. (CVE-2012-0876) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-12
    plugin id58709
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58709
    titleFedora 17 : expat-2.1.0-1.fc17 (2012-4936)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL70938105.NASL
    descriptionThe XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300) Impact An attacker may be able to cause a denial-of-service (DoS) attack by way ofcrafted identifiers in an XML document.
    last seen2020-03-17
    modified2016-10-27
    plugin id94301
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94301
    titleF5 Networks BIG-IP : Expat XML library vulnerability (K70938105)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2063.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).(CVE-2018-20843) - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129256
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129256
    titleEulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120613_EXPAT_ON_SL5_X.NASL
    descriptionExpat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148) All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61327
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61327
    titleScientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64 (20120613)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0731.NASL
    descriptionUpdated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148) All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id59491
    published2012-06-14
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59491
    titleRHEL 5 / 6 : expat (RHSA-2012:0731)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1666.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-06-27
    plugin id126293
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126293
    titleEulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0731.NASL
    descriptionUpdated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148) All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id59482
    published2012-06-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59482
    titleCentOS 5 / 6 : expat (CESA-2012:0731)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-096.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user
    last seen2020-06-01
    modified2020-06-02
    plugin id59635
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59635
    titleMandriva Linux Security Advisory : python (MDVSA-2012:096)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL
    descriptionpython release notes : Multiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id109594
    published2018-05-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109594
    titleFreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0497-1.NASL
    descriptionThis update for python3 fixes the following issues : Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6 : Security issues fixed : Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-27
    plugin id134106
    published2020-02-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134106
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_PYTHON_20130410.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id80749
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80749
    titleOracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-008.NASL
    descriptionThe remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id87321
    published2015-12-11
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87321
    titleMac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-5058.NASL
    descriptionThis update includes expat 2.1.0, which fixes includes a fix for a security issue. A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. (CVE-2012-0876) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-05-01
    plugin id58924
    published2012-05-01
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58924
    titleFedora 16 : expat-2.1.0-1.fc16 (2012-5058)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0731.NASL
    descriptionFrom Red Hat Security Advisory 2012:0731 : Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876) A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148) All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68543
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68543
    titleOracle Linux 5 / 6 : expat (ELSA-2012-0731)

Redhat

advisories
  • rhsa
    idRHSA-2012:0731
  • rhsa
    idRHSA-2016:0062
  • rhsa
    idRHSA-2016:2957
rpms
  • expat-0:1.95.8-11.el5_8
  • expat-0:2.0.1-11.el6_2
  • expat-debuginfo-0:1.95.8-11.el5_8
  • expat-debuginfo-0:2.0.1-11.el6_2
  • expat-devel-0:1.95.8-11.el5_8
  • expat-devel-0:2.0.1-11.el6_2

References