Vulnerabilities > CVE-2012-5134 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Windows NASL id GOOGLE_CHROME_23_0_1271_91.NASL description The version of Google Chrome installed on the remote host is earlier than 23.0.1271.91 and is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 63063 published 2012-11-27 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63063 title Google Chrome < 23.0.1271.91 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63063); script_version("1.14"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5134", "CVE-2012-5135", "CVE-2012-5136" ); script_bugtraq_id(56684); script_name(english:"Google Chrome < 23.0.1271.91 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Google Chrome"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote host is earlier than 23.0.1271.91 and is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists related to 'Skia'. (CVE-2012-5130) - An unspecified error exists related to chunked encoding that can result in application crashes. (CVE-2012-5132) - Use-after-free errors exist related to 'SVG' filters and printing. (CVE-2012-5133, CVE-2012-5135) - A buffer underflow error exists related to 'libxml'. (CVE-2012-5134) - A cast error exists related to input element handling. (CVE-2012-5136) Successful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges."); # https://chromereleases.googleblog.com/2012/11/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a4c4a38d"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 23.0.1271.91 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5135"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/26"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'23.0.1271.91', severity:SECURITY_HOLE);NASL family Misc. NASL id VMWARE_ESX_VMSA-2013-0004_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by affected by a heap-based underflow condition in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 89664 published 2016-03-04 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89664 title VMware ESX / ESXi libxml2 RCE (VMSA-2013-0004) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(89664); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-5134"); script_bugtraq_id(56684); script_xref(name:"VMSA", value:"2013-0004"); script_name(english:"VMware ESX / ESXi libxml2 RCE (VMSA-2013-0004) (remote check)"); script_summary(english:"Checks the version and build numbers of the remote host."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESX / ESXi host is missing a security-related patch."); script_set_attribute(attribute:"description", value: "The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by affected by a heap-based underflow condition in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0004.html"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/29"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); script_require_ports("Host/VMware/vsphere"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); port = get_kb_item_or_exit("Host/VMware/vsphere"); esx = ''; build = 0; fix = FALSE; if ("ESX" >!< rel) audit(AUDIT_OS_NOT, "VMware ESX/ESXi"); extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver); if (empty_or_null(extract)) audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi"); esx = extract[1]; ver = extract[2]; extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel); if (isnull(extract)) audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver); build = int(extract[1]); fixes = make_array( "4.0", 1070634, "4.1", 1050704 ); fix = fixes[ver]; if (!fix) audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build); if (build < fix) { report = '\n Version : ' + esx + " " + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fix + '\n'; security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1656-1.NASL description It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 63165 published 2012-12-06 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63165 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1656-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1656-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(63165); script_version("1.12"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-5134"); script_bugtraq_id(56684); script_xref(name:"USN", value:"1656-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1656-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1656-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libxml2", pkgver:"2.6.31.dfsg-2ubuntu1.11")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libxml2", pkgver:"2.7.6.dfsg-1ubuntu1.7")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libxml2", pkgver:"2.7.8.dfsg-4ubuntu0.5")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libxml2", pkgver:"2.7.8.dfsg-5.1ubuntu4.3")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"libxml2", pkgver:"2.8.0+dfsg1-5ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4D64FC61387811E2A4EB00262D5ED8EE.NASL description Google Chrome Releases reports : [156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. [155711] Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szasz. [158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Juri Aedla). [159165] Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team. [159829] Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno). last seen 2020-06-01 modified 2020-06-02 plugin id 63069 published 2012-11-28 reporter This script is Copyright (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63069 title FreeBSD : chromium -- multiple vulnerabilities (4d64fc61-3878-11e2-a4eb-00262d5ed8ee) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2016 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(63069); script_version("$Revision: 1.8 $"); script_cvs_date("$Date: 2016/05/26 16:04:31 $"); script_cve_id("CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5134", "CVE-2012-5135", "CVE-2012-5136"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (4d64fc61-3878-11e2-a4eb-00262d5ed8ee)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : [156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. [155711] Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szasz. [158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Juri Aedla). [159165] Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team. [159829] Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno)." ); # http://googlechromereleases.blogspot.nl/search/label/Stable%20updates script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bdc75d6a" ); # http://www.freebsd.org/ports/portaudit/4d64fc61-3878-11e2-a4eb-00262d5ed8ee.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?89db03e1" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/26"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<23.0.1271.91")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1512.NASL description Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 63105 published 2012-11-30 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63105 title RHEL 5 / 6 : libxml2 (RHSA-2012:1512) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1512. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(63105); script_version ("1.23"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-5134"); script_bugtraq_id(56684); script_xref(name:"RHSA", value:"2012:1512"); script_name(english:"RHEL 5 / 6 : libxml2 (RHSA-2012:1512)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1512" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5134" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1512"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"libxml2-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL5", reference:"libxml2-debuginfo-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL5", reference:"libxml2-devel-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libxml2-python-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"libxml2-python-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libxml2-python-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"RHEL6", reference:"libxml2-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libxml2-debuginfo-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", reference:"libxml2-devel-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-python-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-python-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-python-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-static-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-static-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-static-2.7.6-8.el6_3.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64391 published 2013-02-01 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64391 title RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0217. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64391); script_version("1.27"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-5134"); script_xref(name:"RHSA", value:"2013:0217"); script_name(english:"RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0217" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-0216" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4008" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1944" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2834" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2821" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3919" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3905" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5134" ); script_set_attribute( attribute:"solution", value: "Update the affected mingw32-libxml2, mingw32-libxml2-debuginfo and / or mingw32-libxml2-static packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0217"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-debuginfo-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-static-2.7.6-6.el6_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libxml2 / mingw32-libxml2-debuginfo / etc"); } }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1512.NASL description From Red Hat Security Advisory 2012:1512 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68661 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68661 title Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1512) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1512 and # Oracle Linux Security Advisory ELSA-2012-1512 respectively. # include("compat.inc"); if (description) { script_id(68661); script_version("1.11"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-5134"); script_bugtraq_id(56684); script_xref(name:"RHSA", value:"2012:1512"); script_name(english:"Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1512)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:1512 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-November/003154.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-November/003155.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"libxml2-2.6.26-2.1.15.0.1.el5_8.6")) flag++; if (rpm_check(release:"EL5", reference:"libxml2-devel-2.6.26-2.1.15.0.1.el5_8.6")) flag++; if (rpm_check(release:"EL5", reference:"libxml2-python-2.6.26-2.1.15.0.1.el5_8.6")) flag++; if (rpm_check(release:"EL6", reference:"libxml2-2.7.6-8.0.1.el6_3.4")) flag++; if (rpm_check(release:"EL6", reference:"libxml2-devel-2.7.6-8.0.1.el6_3.4")) flag++; if (rpm_check(release:"EL6", reference:"libxml2-python-2.7.6-8.0.1.el6_3.4")) flag++; if (rpm_check(release:"EL6", reference:"libxml2-static-2.7.6-8.0.1.el6_3.4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-devel / libxml2-python / libxml2-static"); }NASL family Scientific Linux Local Security Checks NASL id SL_20130131_MINGW32_LIBXML2_ON_SL6_X.NASL description IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) last seen 2020-03-18 modified 2013-02-04 plugin id 64425 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64425 title Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(64425); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-5134"); script_name(english:"Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=333 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bf695f37" ); script_set_attribute( attribute:"solution", value: "Update the affected mingw32-libxml2, mingw32-libxml2-debuginfo and / or mingw32-libxml2-static packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-debuginfo-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-static-2.7.6-6.el6_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libxml2 / mingw32-libxml2-debuginfo / etc"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-341-03.NASL description New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63169 published 2012-12-07 reporter This script is Copyright (C) 2012-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63169 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libxml2 (SSA:2012-341-03) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2012-341-03. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(63169); script_version("$Revision: 1.8 $"); script_cvs_date("$Date: 2015/01/26 05:42:54 $"); script_cve_id("CVE-2012-5134"); script_bugtraq_id(56684); script_xref(name:"SSA", value:"2012-341-03"); script_name(english:"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libxml2 (SSA:2012-341-03)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.514209 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7c5ed02c" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libxml2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"12.1", pkgname:"libxml2", pkgver:"2.6.32", pkgarch:"i486", pkgnum:"3_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"libxml2", pkgver:"2.6.32", pkgarch:"i486", pkgnum:"4_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"libxml2", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"5_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libxml2", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"5_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"libxml2", pkgver:"2.7.6", pkgarch:"i486", pkgnum:"3_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libxml2", pkgver:"2.7.6", pkgarch:"x86_64", pkgnum:"3_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"libxml2", pkgver:"2.7.8", pkgarch:"i486", pkgnum:"5_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libxml2", pkgver:"2.7.8", pkgarch:"x86_64", pkgnum:"5_slack13.37")) flag++; if (slackware_check(osver:"14.0", pkgname:"libxml2", pkgver:"2.8.0", pkgarch:"i486", pkgnum:"2_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libxml2", pkgver:"2.8.0", pkgarch:"x86_64", pkgnum:"2_slack14.0")) flag++; if (slackware_check(osver:"current", pkgname:"libxml2", pkgver:"2.8.0", pkgarch:"i486", pkgnum:"2")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libxml2", pkgver:"2.8.0", pkgarch:"x86_64", pkgnum:"2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBXML2_20130702.NASL description The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. (CVE-2012-5134) last seen 2020-06-01 modified 2020-06-02 plugin id 80689 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80689 title Oracle Solaris Third-Party Patch Update : libxml2 (cve_2012_5134_buffer_overflow) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80689); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-5134"); script_name(english:"Oracle Solaris Third-Party Patch Update : libxml2 (cve_2012_5134_buffer_overflow)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. (CVE-2012-5134)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/cve-2012-5134-buffer-overflow-vulnerability-in-libxml2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?437d45e7" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.7.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libxml2"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^libxml2$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.7.0.5.0", sru:"SRU 11.1.7.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : libxml2\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libxml2");NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-854.NASL description A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. last seen 2020-06-05 modified 2014-06-13 plugin id 74846 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74846 title openSUSE Security Update : libxml2 (openSUSE-SU-2012:1647-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-854. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74846); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5134"); script_name(english:"openSUSE Security Update : libxml2 (openSUSE-SU-2012:1647-1)"); script_summary(english:"Check for the openSUSE-2012-854 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793334" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-12/msg00028.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-debuginfo-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-debugsource-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-devel-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-32bit-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-debuginfo-32bit-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-devel-32bit-2.7.8+git20110708-3.15.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-2-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-2-debuginfo-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-debugsource-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-devel-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-tools-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxml2-tools-debuginfo-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"python-libxml2-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"python-libxml2-debuginfo-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"python-libxml2-debugsource-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxml2-2-32bit-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.7.8+git20120223-8.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxml2-devel-32bit-2.7.8+git20120223-8.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2"); }NASL family Scientific Linux Local Security Checks NASL id SL_20121129_LIBXML2_ON_SL5_X.NASL description A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-03-18 modified 2012-11-30 plugin id 63106 published 2012-11-30 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63106 title Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20121129) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(63106); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-5134"); script_name(english:"Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20121129)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) The desktop must be restarted (log out, then log back in) for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1211&L=scientific-linux-errata&T=0&P=2504 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bbe1459c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/28"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"libxml2-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"SL5", reference:"libxml2-debuginfo-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"SL5", reference:"libxml2-devel-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"SL5", reference:"libxml2-python-2.6.26-2.1.15.el5_8.6")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-debuginfo-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-devel-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-python-2.7.6-8.el6_3.4")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-static-2.7.6-8.el6_3.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-8392.NASL description A heap-based buffer underflow in the entity decoding of libxml2 could have caused a Denial of Service or potentially allowed the execution of arbitrary code. This has been fixed. last seen 2020-06-05 modified 2012-12-13 plugin id 63259 published 2012-12-13 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63259 title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8392) NASL family Windows NASL id ITUNES_11_1_4.NASL description The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues : - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 72104 published 2014-01-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72104 title Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-845.NASL description Chromium was updated to 25.0.1343 - Security Fixes (bnc#791234 and bnc#792154) : - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. - CVE-2012-5138: Incorrect file path handling - CVE-2012-5137: Use-after-free in media source handling - Correct build so that proprietary codecs can be used when the chromium-ffmpeg package is installed - Update to 25.0.1335 - (gtk) Fixed <input> selection renders white text on white background in apps. (Issue: 158422) - Fixed translate infobar button to show selected language. (Issue: 155350) - Fixed broken Arabic language. (Issue: 158978) - Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) - Fixed JavaScript rendering issue. (Issue: 159655) - No further indications in the ChangeLog - Updated V8 - 3.14.5.0 - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. - Fixed chromium issues 155871, 154173, 155133. - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser. - add explicit buildrequire on libbz2-devel last seen 2020-06-05 modified 2014-06-13 plugin id 74839 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74839 title openSUSE Security Update : Chromium (openSUSE-SU-2012:1637-1) NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and last seen 2020-06-01 modified 2020-06-02 plugin id 70886 published 2013-11-13 reporter This script is (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70886 title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-056.NASL description Multiple vulnerabilities was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption (CVE-2013-0338). An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66070 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66070 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056) NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_1022489_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by the following vulnerabilities : - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - A privilege escalation vulnerability exists due to improper handling of control code in the lgtosync.sys driver. A local attacker can exploit this escalate privileges on Windows-based 32-bit guest operating systems. (CVE-2013-3519) last seen 2020-06-01 modified 2020-06-02 plugin id 70877 published 2013-11-13 reporter This script is (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70877 title ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1512.NASL description Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 63100 published 2012-11-30 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63100 title CentOS 5 / 6 : libxml2 (CESA-2012:1512) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2013-0004.NASL description a. Update to ESX/ESXi libxml2 userworld and service console. The ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. Also, the ESX service console libxml2 packages are updated to the following versions: libxml2-2.6.26-2.1.15.el5_8.6 libxml2-python-2.6.26-2.1.15.el5_8.6 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5134 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 65735 published 2013-03-29 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65735 title VMSA-2013-0004 : VMware ESXi and ESX security update for third-party library NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2580.NASL description Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. last seen 2020-03-17 modified 2012-12-03 plugin id 63126 published 2012-12-03 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63126 title Debian DSA-2580-1 : libxml2 - buffer overflow NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-143.NASL description A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) last seen 2020-06-01 modified 2020-06-02 plugin id 69633 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69633 title Amazon Linux AMI : libxml2 (ALAS-2012-143) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXML2-121207.NASL description A heap-based buffer underflow in the entity decoding of libxml2 could have caused a Denial of Service or potentially allowed the execution of arbitrary code. This has been fixed. last seen 2020-06-05 modified 2013-01-25 plugin id 64206 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64206 title SuSE 11.2 Security Update : libxml2 (SAT Patch Number 7140) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10669.NASL description According to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library : - A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944) - A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841) - A heap-based buffer overflow vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 80957 published 2015-01-23 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80957 title Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669) NASL family Peer-To-Peer File Sharing NASL id ITUNES_11_1_2_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities : - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 70589 published 2013-10-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70589 title Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id ITUNES_11_1_2.NASL description The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues : - An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution. (CVE-2013-1024) - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 70588 published 2013-10-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70588 title Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check) NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-1627-1.NASL description libxml2 has been updated to fix the following security issue : - CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka last seen 2020-06-05 modified 2015-05-20 plugin id 83599 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83599 title SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1) NASL family Misc. NASL id APPLETV_6_0.NASL description According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 70257 published 2013-10-01 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70257 title Apple TV < 6.0 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0217.NASL description From Red Hat Security Advisory 2013:0217 : Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 68721 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68721 title Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64384 published 2013-02-01 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64384 title CentOS 6 : mingw32-libxml2 (CESA-2013:0217) NASL family Peer-To-Peer File Sharing NASL id ITUNES_11_1_4_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities : - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 72105 published 2014-01-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72105 title Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201311-06.NASL description The remote host is affected by the vulnerability described in GLSA-201311-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted document with an application linked against libxml2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70836 published 2013-11-11 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70836 title GLSA-201311-06 : libxml2: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-176.NASL description A vulnerability was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63134 published 2012-12-03 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63134 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:176)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 56684 CVE(CAN) ID: CVE-2012-5130,CVE-2012-5131,CVE-2012-5132,CVE-2012-5133,CVE-2012-5134,CVE-2012-5135,CVE-2012-5136 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Google Chrome 23.0.1271.91之前版本在实现上存在多个远程漏洞,攻击者可利用这些漏洞在浏览器上下文中执行任意代码、造成拒绝服务、绕过同源策略等。 0 Google Chrome < 23.0.1271.91 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载23.0.1271.91版本: https://www.google.com/intl/zh-CN/chrome/browser/ |
| id | SSV:60479 |
| last seen | 2017-11-19 |
| modified | 2012-11-27 |
| published | 2012-11-27 |
| reporter | Root |
| title | Google Chrome 23.0.1271.91之前版本多个远程漏洞 |
References
- http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
- http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2012-1512.html
- http://rhn.redhat.com/errata/RHSA-2012-1512.html
- http://rhn.redhat.com/errata/RHSA-2013-0217.html
- http://rhn.redhat.com/errata/RHSA-2013-0217.html
- http://secunia.com/advisories/51448
- http://secunia.com/advisories/51448
- http://secunia.com/advisories/54886
- http://secunia.com/advisories/54886
- http://secunia.com/advisories/55568
- http://secunia.com/advisories/55568
- http://support.apple.com/kb/HT5934
- http://support.apple.com/kb/HT5934
- http://support.apple.com/kb/HT6001
- http://support.apple.com/kb/HT6001
- http://www.debian.org/security/2012/dsa-2580
- http://www.debian.org/security/2012/dsa-2580
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
- http://www.securityfocus.com/bid/56684
- http://www.securityfocus.com/bid/56684
- http://www.securitytracker.com/id?1027815
- http://www.securitytracker.com/id?1027815
- http://www.ubuntu.com/usn/USN-1656-1
- http://www.ubuntu.com/usn/USN-1656-1
- https://bugzilla.redhat.com/show_bug.cgi?id=880466
- https://bugzilla.redhat.com/show_bug.cgi?id=880466
- https://code.google.com/p/chromium/issues/detail?id=158249
- https://code.google.com/p/chromium/issues/detail?id=158249
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80294