Vulnerabilities > CVE-2016-9318 - XXE vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
xmlsoft
canonical
CWE-611
nessus

Summary

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
148
Application
Xmlsec_Project
1
OS
Canonical
4

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0164-1.NASL
    descriptionThis update for libxml2 fixes the following issues : - CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). - Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96566
    published2017-01-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96566
    titleSUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0164-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96566);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-9318");
    
      script_name(english:"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following issues :
    
      - CVE-2016-9318: libxml2 did not offer a flag directly
        indicating that the current document may be read but
        other files may not be opened, which made it easier for
        remote attackers to conduct XML External Entity (XXE)
        attacks via a crafted document (bsc#1010675).
    
      - Prevent NULL dereference in xpointer.c and
        xmlDumpElementContent, and infinite recursion in
        xmlParseConditionalSections when in recovery
        mode(bnc#1014873)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9318/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170164-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5634930f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-libxml2-12940=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-libxml2-12940=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-libxml2-12940=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libxml2-32bit-2.7.6-0.64.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libxml2-32bit-2.7.6-0.64.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libxml2-2.7.6-0.64.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libxml2-doc-2.7.6-0.64.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libxml2-python-2.7.6-0.64.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1070.NASL
    descriptionAccording to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted documenti1/4Z(CVE-2016-9318) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-03
    plugin id99936
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99936
    titleEulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99936);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-9318"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libxml2 packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and
        earlier and other products, does not offer a flag
        directly indicating that the current document may be
        read but other files may not be opened, which makes it
        easier for remote attackers to conduct XML External
        Entity (XXE) attacks via a crafted
        documenti1/4Z(CVE-2016-9318)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1070
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4777d6a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libxml2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libxml2-2.9.1-6.3.h2",
            "libxml2-devel-2.9.1-6.3.h2",
            "libxml2-python-2.9.1-6.3.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1366-1.NASL
    descriptionThis update for libxml2 fixes the following issues : - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497) - CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652) - CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100352
    published2017-05-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100352
    titleSUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1366-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100352);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2014-0191", "CVE-2016-9318", "CVE-2016-9597");
      script_bugtraq_id(67233);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following issues :
    
      - Fix NULL dereference in xpointer.c when in recovery mode
        [bsc#1014873]
    
      - CVE-2016-9597: An XML document with many opening tags
        could have caused a overflow of the stack not detected
        by the recursion limits, allowing for DoS (bsc#1017497)
    
      - CVE-2014-0191: External parameter entity loaded when
        entity substitution is disabled could cause a DoS.
        (bsc#876652)
    
      - CVE-2016-9318: XML External Entity (XXE) could be abused
        via crafted document. (bsc#1010675)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1017497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=876652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0191/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9318/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9597/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171366-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?928a1587"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-833=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-833=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-833=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-tools-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-tools-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-debuginfo-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-tools-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-tools-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-debugsource-2.9.1-26.12.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1069.NASL
    descriptionAccording to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted documenti1/4Z(CVE-2016-9318) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-02
    plugin id99916
    published2017-05-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99916
    titleEulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99916);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-9318"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libxml2 packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and
        earlier and other products, does not offer a flag
        directly indicating that the current document may be
        read but other files may not be opened, which makes it
        easier for remote attackers to conduct XML External
        Entity (XXE) attacks via a crafted
        documenti1/4Z(CVE-2016-9318)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1069
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a428c71d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libxml2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libxml2-2.9.1-6.3.h1",
            "libxml2-devel-2.9.1-6.3.h1",
            "libxml2-python-2.9.1-6.3.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1896-1.NASL
    descriptionThis update for libxml2 fixes the following issues : Issue fixed : Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126814
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126814
    titleSUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2019:1896-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0380-1.NASL
    descriptionThis update for libxml2 fixes the following issues : - CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97015
    published2017-02-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97015
    titleSUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1353.NASL
    descriptionAccording to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.i1/4^CVE-2016-9318i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-05-10
    plugin id124731
    published2019-05-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124731
    titleEulerOS Virtualization 2.5.3 : libxml2 (EulerOS-SA-2019-1353)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1557-1.NASL
    descriptionThis update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100780
    published2017-06-14
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100780
    titleSUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201711-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id104492
    published2017-11-10
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104492
    titleGLSA-201711-01 : libxml2: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-244.NASL
    descriptionThis update for libxml2 fixes the following issues : - CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-02-13
    plugin id97116
    published2017-02-13
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97116
    titleopenSUSE Security Update : libxml2 (openSUSE-2017-244)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-13985-1.NASL
    descriptionThis update for libxml2 fixes the following issues : Security issue fixed : CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue fixed: Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123073
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123073
    titleSUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:13985-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-A3A47973EB.NASL
    descriptionUpdate to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-20
    plugin id99491
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99491
    titleFedora 25 : libxml2 (2017-a3a47973eb)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0001.NASL
    descriptionAn update of [openssh,linux,libxml2] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111850
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111850
    titlePhoton OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-BE8574D593.NASL
    descriptionUpdate to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-20
    plugin id99492
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99492
    titleFedora 24 : libxml2 (2017-be8574d593)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0001_LIBXML2.NASL
    descriptionAn update of the libxml2 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121663
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121663
    titlePhoton OS 1.0: Libxml2 PHSA-2017-0001