Vulnerabilities > CVE-2013-4520 - Unspecified vulnerability in Xmlsoft Libxslt
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXSLT-131106.NASL description libxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520) last seen 2020-06-05 modified 2013-11-12 plugin id 70843 published 2013-11-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70843 title SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(70843); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3970", "CVE-2012-2825", "CVE-2012-6139", "CVE-2013-4520"); script_name(english:"SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "libxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849019" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3970.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2825.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6139.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4520.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 8500 / 8501 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-07.NASL description The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71907 published 2014-01-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71907 title GLSA-201401-07 : libxslt: Denial of Service code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201401-07. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(71907); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-2870", "CVE-2012-2893", "CVE-2012-6139", "CVE-2013-4520"); script_bugtraq_id(55331, 55676, 58685, 63548); script_xref(name:"GLSA", value:"201401-07"); script_name(english:"GLSA-201401-07 : libxslt: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201401-07" ); script_set_attribute( attribute:"solution", value: "All libxslt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libxslt-1.1.28' Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libxslt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/libxslt", unaffected:make_list("ge 1.1.28"), vulnerable:make_list("lt 1.1.28"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }
References
- http://seclists.org/oss-sec/2013/q4/238
- http://seclists.org/oss-sec/2013/q4/239
- http://secunia.com/advisories/56072
- http://www.osvdb.org/99671
- https://bugzilla.novell.com/show_bug.cgi?id=849019
- https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa
- https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
- https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html