Vulnerabilities > CVE-2016-5300 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C9C252F52DEF11E6AE88002590263BF5.NASL description Sebastian Pipping reports : CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876. last seen 2020-06-01 modified 2020-06-02 plugin id 91526 published 2016-06-09 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91526 title FreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(91526); script_version("2.7"); script_cvs_date("Date: 2018/11/23 12:49:57"); script_cve_id("CVE-2012-6702", "CVE-2016-5300"); script_name(english:"FreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Sebastian Pipping reports : CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876." ); script_set_attribute( attribute:"see_also", value:"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210155" ); # https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a9e2354" ); # http://www.openwall.com/lists/oss-security/2016/03/18/3 script_set_attribute( attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2016/03/18/3" ); # https://vuxml.freebsd.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?eccb43af" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:expat"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/18"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"expat<2.1.1_1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3013-1.NASL description It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91729 published 2016-06-21 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91729 title Ubuntu 12.04 LTS : xmlrpc-c vulnerabilities (USN-3013-1) NASL family Fedora Local Security Checks NASL id FEDORA_2016-0FD6CA526A.NASL description Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-15 plugin id 92229 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92229 title Fedora 22 : expat (2016-0fd6ca526a) NASL family Fedora Local Security Checks NASL id FEDORA_2016-7C6E7A9265.NASL description Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92117 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92117 title Fedora 24 : expat (2016-7c6e7a9265) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0415-1.NASL description This update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97065 published 2017-02-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97065 title SUSE SLES11 Security Update : expat (SUSE-SU-2017:0415-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0424-1.NASL description This update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97080 published 2017-02-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97080 title SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:0424-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-124-01.NASL description New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109583 published 2018-05-07 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109583 title Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-260.NASL description This update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-02-21 plugin id 97280 published 2017-02-21 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97280 title openSUSE Security Update : expat (openSUSE-2017-260) NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_6_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 100026 published 2017-05-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100026 title Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-508.NASL description Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 This issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. CVE-2016-5300 This is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries. For Debian 7 last seen 2020-03-17 modified 2016-06-09 plugin id 91523 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91523 title Debian DLA-508-1 : expat security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1698.NASL description According to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126540 published 2019-07-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126540 title EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1698) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9164F51EAE2011E7A633009C02A2AB30.NASL description Python reports : Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details. last seen 2020-06-01 modified 2020-06-02 plugin id 103796 published 2017-10-12 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103796 title FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3597.NASL description Two related issues have been discovered in Expat, a C library for parsing XML. - CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sorensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. - CVE-2016-5300 It is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries. last seen 2020-06-01 modified 2020-06-02 plugin id 91506 published 2016-06-08 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91506 title Debian DSA-3597-1 : expat - security update NASL family Misc. NASL id PVS_5_2_0.NASL description The version of Tenable Passive Vulnerability Scanner (PVS) installed on the remote host is 5.x < 5.2.0. It is, therefore, affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Expat within file xmlparse.c due to a logical error in hash computations. An unauthenticated, remote attacker can exploit these, via a specially crafted XML file containing many identifiers with the same value, to cause the service to exhaust CPU resources. (CVE-2012-0876, CVE-2016-5300) - A flaw exists in the generate_hash_secret_salt() function in file lib/xmlparse.c within Expat due to the generation of non-random output by the PRNG. An unauthenticated, remote attacker can exploit this to more easily predict the PRNG output. (CVE-2012-6702) - Multiple buffer overflow conditions exist within Expat, specifically in the XML_GetBuffer() function in file lib/xmlparse.c, due to improper validation of user-supplied input when handling compressed XML content. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) - Multiple buffer overflow conditions exist within the Expat XML parser when handling malformed input documents due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718, CVE-2016-0719) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit these to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the last seen 2020-06-01 modified 2020-06-02 plugin id 96337 published 2017-01-06 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96337 title Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32) NASL family Fedora Local Security Checks NASL id FEDORA_2016-60889583AB.NASL description Security fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92102 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92102 title Fedora 23 : expat (2016-60889583ab) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1742.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-22 plugin id 126869 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126869 title EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1742) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-359-01.NASL description New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96092 published 2016-12-27 reporter This script is Copyright (C) 2016-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96092 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3010-1.NASL description It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91726 published 2016-06-21 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91726 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : expat vulnerabilities (USN-3010-1) NASL family Windows NASL id ITUNES_12_6.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 100025 published 2017-05-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100025 title Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-21.NASL description The remote host is affected by the vulnerability described in GLSA-201701-21 (Expat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. This attack could also be used against automated systems that arbitrarily process XML files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96415 published 2017-01-12 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96415 title GLSA-201701-21 : Expat: Multiple vulnerabilities NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL70938105.NASL description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300) Impact An attacker may be able to cause a denial-of-service (DoS) attack by way ofcrafted identifiers in an XML document. last seen 2020-03-17 modified 2016-10-27 plugin id 94301 published 2016-10-27 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94301 title F5 Networks BIG-IP : Expat XML library vulnerability (K70938105) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2063.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).(CVE-2018-20843) - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129256 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129256 title EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063) NASL family MacOS X Local Security Checks NASL id MACOS_ITUNES_12_6.NASL description The version of Apple iTunes installed on the remote macOS or Mac OS X host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 100027 published 2017-05-08 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100027 title Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1666.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-06-27 plugin id 126293 published 2019-06-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126293 title EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)
References
- http://www.debian.org/security/2016/dsa-3597
- http://www.debian.org/security/2016/dsa-3597
- http://www.openwall.com/lists/oss-security/2016/06/04/4
- http://www.openwall.com/lists/oss-security/2016/06/04/4
- http://www.openwall.com/lists/oss-security/2016/06/04/5
- http://www.openwall.com/lists/oss-security/2016/06/04/5
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91159
- http://www.securityfocus.com/bid/91159
- http://www.ubuntu.com/usn/USN-3010-1
- http://www.ubuntu.com/usn/USN-3010-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201701-21
- https://security.gentoo.org/glsa/201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20