Vulnerabilities > CVE-2017-9233 - Infinite Loop vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2017-266-02.NASL
description New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen 2020-06-01
modified 2020-06-02
plugin id 103424
published 2017-09-25
reporter This script is Copyright (C) 2017 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/103424
title Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2017-266-02. The text
# itself is copyright (C) Slackware Linux, Inc.
#

# Local package check (plugin_type "local"): reads the Slackware release and
# package list from the scanner knowledge base and reports the host when any
# slackware_check() call below flags the installed python package. It never
# exercises the XML parser itself.
# NOTE(review): slackware_check() comes from slackware.inc (not shown);
# presumably it returns true when the installed build is older than the
# given pkgver/pkgnum - confirm against the include.

include("compat.inc");

# Registration pass: only metadata is declared, then the script exits.
if (description)
{
  script_id(103424);
  script_version("$Revision: 3.1 $");
  script_cvs_date("$Date: 2017/09/25 13:28:56 $");

  # Four CVEs are attached to this one advisory, not only CVE-2017-9233.
  script_cve_id("CVE-2016-0718", "CVE-2016-4472", "CVE-2016-9063", "CVE-2017-9233");
  script_xref(name:"SSA", value:"2017-266-02");

  script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.436421
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9e0c1fdd"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python package."
  );
  # NOTE(review): these vectors rate confidentiality, integrity and
  # availability together, while this page's entry for CVE-2017-9233 alone
  # lists an availability impact only; presumably the score reflects the
  # other CVEs in script_cve_id() above - prioritise per CVE, not per plugin.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  # The knowledge-base keys below must already be populated; the plugin
  # declares ssh_get_info.nasl as the dependency that runs first.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


# Each audit() below ends the run with a "not applicable" style result; such
# a result means "could not check", not "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


# ">!<" is NASL's "is not a substring of" test: any CPU string other than
# x86_64 or i386-i686 is audited out as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


# Only the "python" package is compared here, one call per release and
# architecture, all against version 2.7.14.
# NOTE(review): the advisory text does not say how python relates to expat;
# presumably python carries its own expat copy. The system expat package is
# a separate advisory (SSA:2017-199-01, listed on this page) and needs its
# own check.
flag = 0;
if (slackware_check(osver:"14.0", pkgname:"python", pkgver:"2.7.14", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"python", pkgver:"2.7.14", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;

if (slackware_check(osver:"14.1", pkgname:"python", pkgver:"2.7.14", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"python", pkgver:"2.7.14", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;

if (slackware_check(osver:"14.2", pkgname:"python", pkgver:"2.7.14", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"python", pkgver:"2.7.14", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;

if (slackware_check(osver:"current", pkgname:"python", pkgver:"2.7.14", pkgarch:"i586", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"python", pkgver:"2.7.14", pkgarch:"x86_64", pkgnum:"1")) flag++;


# Any flagged package produces a finding on port 0; the package detail from
# slackware_report_get() is attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-3356-1.NASL
description It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 101835
published 2017-07-20
reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/101835
title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : expat vulnerability (USN-3356-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3356-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

# Local package check (plugin_type "local"): reads the Ubuntu release and
# the dpkg listing from the scanner knowledge base and reports the host when
# any ubuntu_check() call below flags lib64expat1 or libexpat1. It never
# exercises the XML parser itself.
# NOTE(review): ubuntu_check() comes from ubuntu.inc (not shown); presumably
# it returns true when the installed package is older than pkgver - confirm
# against the include.

include("compat.inc");

# Registration pass: only metadata is declared, then the script exits.
if (description)
{
  script_id(101835);
  script_version("3.8");
  script_cvs_date("Date: 2019/09/18 12:31:47");

  script_cve_id("CVE-2017-9233");
  script_xref(name:"USN", value:"3356-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : expat vulnerability (USN-3356-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3356-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected lib64expat1 and / or libexpat1 packages."
  );
  # Availability-only vectors (C:N/I:N), in line with the single CVE this
  # plugin covers: the outcome described is a hang, not data exposure.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64expat1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libexpat1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");

  # NOTE(review): the vulnerability date below is later than both the patch
  # date and the plugin date; treat these fields as approximate when
  # building a timeline.
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc.
or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  # "Host/local_checks_enabled" is not listed here but is still tested at
  # run time, first thing after the includes.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Each audit() below ends the run with a "not applicable" style result; such
# a result means "could not check", not "not vulnerable".
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
# Only the four releases named in the notice are evaluated; any other
# release string is audited out without a package comparison.
if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

# ">!<" is NASL's "is not a substring of" test: any CPU string other than
# x86_64 or i386-i686 is audited out as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

# One comparison per release and package name, against the fixed version
# given for that release.
# NOTE(review): a dpkg version check cannot see expat copies bundled into
# other software; this page also lists python advisories under the same
# CVE, so inventory those separately.
flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"lib64expat1", pkgver:"2.1.0-4ubuntu1.4")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libexpat1", pkgver:"2.1.0-4ubuntu1.4")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"lib64expat1", pkgver:"2.1.0-7ubuntu0.16.04.3")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"libexpat1", pkgver:"2.1.0-7ubuntu0.16.04.3")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"lib64expat1", pkgver:"2.2.0-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"libexpat1", pkgver:"2.2.0-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"lib64expat1", pkgver:"2.2.0-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"libexpat1", pkgver:"2.2.0-2ubuntu0.1")) flag++;

# A flagged package yields a warning-level finding on port 0. Otherwise the
# audit message distinguishes "packages tested and not affected" from
# "neither package installed".
if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lib64expat1 / libexpat1");
}
NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1896.NASL
description According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-08
modified 2019-09-16
plugin id 128819
published 2019-09-16
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128819
title EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1896)
code
#
# (C) Tenable Network Security, Inc.
#

# Local package check (plugin_type "local"): reads the EulerOS release,
# service pack and rpm list from the scanner knowledge base and reports the
# host when rpm_check() flags expat or expat-devel. It never exercises the
# XML parser itself.
# NOTE(review): rpm_check() comes from rpm.inc (not shown); presumably it
# returns true when the installed package is older than the reference -
# confirm against the include.

include("compat.inc");

# Registration pass: only metadata is declared, then the script exits.
if (description)
{
  script_id(128819);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");

  script_cve_id(
    "CVE-2017-9233"
  );

  script_name(english:"EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1896)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1896
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7a53df73");
  script_set_attribute(attribute:"solution", value:
"Update the affected expat package.");
  # Availability-only vectors (C:N/I:N), in line with the single CVE this
  # plugin covers: the outcome described is an infinite loop.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:expat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:expat-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc.
or an Affiliate thereof.");

  # Hosts that carry the uvp_version key are excluded at registration time
  # and rejected again at run time below.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() below ends the run with a "not applicable" style result; such
# a result means "could not check", not "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Only service pack 5 is evaluated.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Two architecture gates run in sequence. The first lets aarch64 through,
# but the second audits out everything that is not x86_64 or i386-i686, so
# an aarch64 host ends with AUDIT_ARCH_NOT and no package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

# Reference builds for this service pack.
# NOTE(review): an rpm version check cannot see expat copies bundled into
# other software; this page also lists python advisories under the same
# CVE, so inventory those separately.
pkgs = ["expat-2.1.0-10.h6.eulerosv2r7",
        "expat-devel-2.1.0-10.h6.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

# A flagged package yields a warning-level finding on port 0. Otherwise the
# audit message distinguishes "packages tested and not affected" from
# "expat not installed".
if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "expat");
}
NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-2433.NASL
description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-08
modified 2019-12-04
plugin id 131587
published 2019-12-04
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/131587
title EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433)
code
#
# (C) Tenable Network Security, Inc.
#

# Local package check (plugin_type "local"): reads the EulerOS release,
# service pack and rpm list from the scanner knowledge base and reports the
# host when rpm_check() flags expat or expat-devel. It never exercises the
# XML parser itself.
# NOTE(review): rpm_check() comes from rpm.inc (not shown); presumably it
# returns true when the installed package is older than the reference -
# confirm against the include.

include("compat.inc");

# Registration pass: only metadata is declared, then the script exits.
if (description)
{
  script_id(131587);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");

  # Three CVEs share this one advisory, not only CVE-2017-9233.
  script_cve_id(
    "CVE-2016-9063",
    "CVE-2017-9233",
    "CVE-2019-15903"
  );

  script_name(english:"EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2433
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?92ed9f7c");
  script_set_attribute(attribute:"solution", value:
"Update the affected expat packages.");
  # NOTE(review): these vectors rate confidentiality, integrity and
  # availability together, while this page's entry for CVE-2017-9233 alone
  # lists an availability impact only; presumably the score reflects the
  # other CVEs in script_cve_id() above - prioritise per CVE, not per plugin.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:expat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:expat-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc.
or an Affiliate thereof.");

  # Hosts that carry the uvp_version key are excluded at registration time
  # and rejected again at run time below.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() below ends the run with a "not applicable" style result; such
# a result means "could not check", not "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Only service pack 2 is evaluated.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Two architecture gates run in sequence. The first lets aarch64 through,
# but the second audits out everything that is not x86_64 or i386-i686, so
# an aarch64 host ends with AUDIT_ARCH_NOT and no package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

# Reference builds for this service pack.
# NOTE(review): an rpm version check cannot see expat copies bundled into
# other software; this page also lists python advisories under the same
# CVE, so inventory those separately.
pkgs = ["expat-2.1.0-10.h4",
        "expat-devel-2.1.0-10.h4"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

# A flagged package yields a finding at SECURITY_HOLE severity on port 0.
# Otherwise the audit message distinguishes "packages tested and not
# affected" from "expat not installed".
if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "expat");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-990.NASL description It was discovered that there was an infinite loop vulnerability in expat, a XML parsing C library : https://libexpat.github.io/doc/cve-2017-9233/ For Debian 7 last seen 2020-03-17 modified 2017-06-19 plugin id 100850 published 2017-06-19 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100850 title Debian DLA-990-1 : expat security update NASL family Fedora Local Security Checks NASL id FEDORA_2017-A44F9AA38B.NASL description https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-13 plugin id 101509 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101509 title Fedora 24 : expat (2017-a44f9aa38b) NASL family MacOS X Local Security Checks NASL id MACOS_10_13.NASL description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. 
It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 103598 published 2017-10-03 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103598 title macOS < 10.13 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1935.NASL description According to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).(CVE-2018-20843) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 128938 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128938 title EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1935) NASL family Fedora Local Security Checks NASL id FEDORA_2017-18601AD5D2.NASL description https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101578 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101578 title Fedora 26 : expat (2017-18601ad5d2) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-124-01.NASL description New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109583 published 2018-05-07 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/109583 title Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1445.NASL description According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. (CVE-2017-9233) - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. (CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-16 plugin id 135607 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135607 title EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL03244804.NASL description XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
(CVE-2017-9233) Impact BIG-IP Administrative interfaces, such as iControl SOAP, are vulnerable to a denial-of-service (DoS) attack if a malicious XML document is uploaded to and processed by the BIG-IP system. The XML process in the data plane is not affected. BIG-IQ This XML external entity vulnerability may allow attackers to put the parser in an infinite loop using a malformed external entity definition. last seen 2020-03-17 modified 2019-04-22 plugin id 124206 published 2019-04-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124206 title F5 Networks BIG-IP : XML vulnerability (K03244804) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2375-1.NASL description This update for expat fixes the following issues : - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102989 published 2017-09-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102989 title SUSE SLES11 Security Update : expat (SUSE-SU-2017:2375-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9164F51EAE2011E7A633009C02A2AB30.NASL description Python reports : Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details. last seen 2020-06-01 modified 2020-06-02 plugin id 103796 published 2017-10-12 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/103796 title FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-993.NASL description This update for expat fixes the following issues : - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-09-05 plugin id 102946 published 2017-09-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102946 title openSUSE Security Update : expat (openSUSE-2017-993) NASL family Fedora Local Security Checks NASL id FEDORA_2017-2C5635CD97.NASL description https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-13 plugin id 101499 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101499 title Fedora 25 : expat (2017-2c5635cd97) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2299-1.NASL description This update for expat fixes the following issues : - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102854 published 2017-08-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102854 title SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:2299-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL description python release notes : Multiple vulnerabilities have been fixed in this release. Please refer to the CVE list for details. last seen 2020-06-01 modified 2020-06-02 plugin id 109594 published 2018-05-07 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109594 title FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0497-1.NASL description This update for python3 fixes the following issues : Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6 : Security issues fixed : Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063. CVE-2017-1000158: Fix an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (bsc#1068664). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-27 plugin id 134106 published 2020-02-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/134106 title SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3898.NASL description Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library. - CVE-2017-9233 Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library. last seen 2020-06-01 modified 2020-06-02 plugin id 101035 published 2017-06-26 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101035 title Debian DSA-3898-1 : expat - security update NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-199-01.NASL description New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101789 published 2017-07-19 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101789 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2017-199-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2256.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox < 50. (CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. (CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130718 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130718 title EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E375FF3F7FEC11E8808828D244AEE256.NASL description Mitre reports : An integer overflow during the parsing of XML using the Expat library. XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. last seen 2020-06-01 modified 2020-06-02 plugin id 110934 published 2018-07-06 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110934 title FreeBSD : expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)
References
- https://libexpat.github.io/doc/cve-2017-9233/
- https://github.com/libexpat/libexpat/blob/master/expat/Changes
- http://www.openwall.com/lists/oss-security/2017/06/17/7
- http://www.securityfocus.com/bid/99276
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208144
- https://support.apple.com/HT208115
- https://support.apple.com/HT208113
- https://support.apple.com/HT208112
- http://www.debian.org/security/2017/dsa-3898
- https://support.f5.com/csp/article/K03244804
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E