Vulnerabilities > CVE-2018-1311 - Use After Free vulnerability in multiple products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0028_XERCES-C.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. (CVE-2018-1311) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-05
    modified2020-05-27
    plugin id136911
    published2020-05-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136911
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2020-0028)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2020-0028. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136911);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-1311");
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2020-0028)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected
    by a vulnerability:
    
      - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a
        use-after-free error triggered during the scanning of
        external DTDs. This flaw has not been addressed in the
        maintained version of the library and has no current
        mitigation other than to disable DTD processing. This
        can be accomplished via the DOM using a standard parser
        feature, or via SAX using the XERCES_DISABLE_DTD
        environment variable. (CVE-2018-1311)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0028");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL xerces-c packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1311");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "xerces-c-3.1.1-10.el7_7",
        "xerces-c-debuginfo-3.1.1-10.el7_7",
        "xerces-c-devel-3.1.1-10.el7_7",
        "xerces-c-doc-3.1.1-10.el7_7"
      ],
      "CGSL MAIN 5.04": [
        "xerces-c-3.1.1-10.el7_7",
        "xerces-c-debuginfo-3.1.1-10.el7_7",
        "xerces-c-devel-3.1.1-10.el7_7",
        "xerces-c-doc-3.1.1-10.el7_7"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xerces-c");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0702.NASL
    descriptionAn update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-17
    modified2020-03-06
    plugin id134237
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134237
    titleCentOS 6 : xerces-c (CESA-2020:0702)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0702 and 
    # CentOS Errata and Security Advisory 2020:0702 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134237);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/10");
    
      script_cve_id("CVE-2018-1311");
      script_xref(name:"RHSA", value:"2020:0702");
    
      script_name(english:"CentOS 6 : xerces-c (CESA-2020:0702)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for xerces-c is now available for Red Hat Enterprise Linux
    6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Xerces-C is a validating XML parser written in a portable subset of
    C++. Xerces-C makes it easy to give your application the ability to
    read and write XML data. A shared library is provided for parsing,
    generating, manipulating, and validating XML documents.
    
    Security Fix(es) :
    
    * xerces-c: XML parser contains a use-after-free error triggered
    during the scanning of external DTDs (CVE-2018-1311)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      # https://lists.centos.org/pipermail/centos-announce/2020-March/035653.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?31c097d3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xerces-c packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1311");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xerces-c");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xerces-c-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xerces-c-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"xerces-c-3.0.1-21.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"xerces-c-devel-3.0.1-21.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"xerces-c-doc-3.0.1-21.el6_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xerces-c / xerces-c-devel / xerces-c-doc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0271_XERCES.NASL
    descriptionAn update of the xerces package has been released.
    last seen2020-03-17
    modified2020-02-06
    plugin id133502
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133502
    titlePhoton OS 1.0: Xerces PHSA-2020-1.0-0271
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0271. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133502);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/06");
    
      script_cve_id("CVE-2018-1311");
    
      script_name(english:"Photon OS 1.0: Xerces PHSA-2020-1.0-0271");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the xerces package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-271.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1311");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"xerces-c-3.2.2-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"xerces-c-debuginfo-3.2.2-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"xerces-c-devel-3.2.2-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xerces");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200304_XERCES_C_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)
    last seen2020-03-18
    modified2020-03-06
    plugin id134275
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134275
    titleScientific Linux Security Update : xerces-c on SL7.x x86_64 (20200304)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134275);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/10");
    
      script_cve_id("CVE-2018-1311");
    
      script_name(english:"Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20200304)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - xerces-c: XML parser contains a use-after-free error
        triggered during the scanning of external DTDs
        (CVE-2018-1311)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2003&L=SCIENTIFIC-LINUX-ERRATA&P=407
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d15fa7f3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xerces-c");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xerces-c-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xerces-c-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xerces-c-doc");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xerces-c-3.1.1-10.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xerces-c-debuginfo-3.1.1-10.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xerces-c-devel-3.1.1-10.el7_7")) flag++;
    if (rpm_check(release:"SL7", reference:"xerces-c-doc-3.1.1-10.el7_7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xerces-c / xerces-c-debuginfo / xerces-c-devel / xerces-c-doc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0702.NASL
    descriptionAn update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-03-06
    plugin id134266
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134266
    titleRHEL 6 : xerces-c (RHSA-2020:0702)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0704.NASL
    descriptionAn update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-17
    modified2020-03-06
    plugin id134239
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134239
    titleCentOS 7 : xerces-c (CESA-2020:0704)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1415.NASL
    descriptionA use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or potentially lead to arbitrary code execution. (CVE-2018-1311)
    last seen2020-04-30
    modified2020-04-24
    plugin id135933
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135933
    titleAmazon Linux 2 : xerces-c (ALAS-2020-1415)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200304_XERCES_C_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)
    last seen2020-03-18
    modified2020-03-06
    plugin id134274
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134274
    titleScientific Linux Security Update : xerces-c on SL6.x i386/x86_64 (20200304)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0704.NASL
    descriptionAn update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-03-06
    plugin id134268
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134268
    titleRHEL 7 : xerces-c (RHSA-2020:0704)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0702.NASL
    descriptionFrom Red Hat Security Advisory 2020:0702 : An update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-03-09
    plugin id134338
    published2020-03-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134338
    titleOracle Linux 6 : xerces-c (ELSA-2020-0702)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0704.NASL
    descriptionFrom Red Hat Security Advisory 2020:0704 : An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Security Fix(es) : * xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-03-09
    plugin id134340
    published2020-03-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134340
    titleOracle Linux 7 : xerces-c (ELSA-2020-0704)

Redhat

advisories
  • bugzilla
    id1788472
    titleCVE-2018-1311 xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentxerces-c-doc is earlier than 0:3.0.1-21.el6_10
            ovaloval:com.redhat.rhsa:tst:20200702001
          • commentxerces-c-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193004
        • AND
          • commentxerces-c-devel is earlier than 0:3.0.1-21.el6_10
            ovaloval:com.redhat.rhsa:tst:20200702003
          • commentxerces-c-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193002
        • AND
          • commentxerces-c is earlier than 0:3.0.1-21.el6_10
            ovaloval:com.redhat.rhsa:tst:20200702005
          • commentxerces-c is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193006
    rhsa
    idRHSA-2020:0702
    released2020-03-04
    severityImportant
    titleRHSA-2020:0702: xerces-c security update (Important)
  • bugzilla
    id1788472
    titleCVE-2018-1311 xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentxerces-c-doc is earlier than 0:3.1.1-10.el7_7
            ovaloval:com.redhat.rhsa:tst:20200704001
          • commentxerces-c-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193004
        • AND
          • commentxerces-c-devel is earlier than 0:3.1.1-10.el7_7
            ovaloval:com.redhat.rhsa:tst:20200704003
          • commentxerces-c-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193002
        • AND
          • commentxerces-c is earlier than 0:3.1.1-10.el7_7
            ovaloval:com.redhat.rhsa:tst:20200704005
          • commentxerces-c is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20151193006
    rhsa
    idRHSA-2020:0704
    released2020-03-04
    severityImportant
    titleRHSA-2020:0704: xerces-c security update (Important)
rpms
  • xerces-c-0:3.0.1-21.el6_10
  • xerces-c-debuginfo-0:3.0.1-21.el6_10
  • xerces-c-devel-0:3.0.1-21.el6_10
  • xerces-c-doc-0:3.0.1-21.el6_10
  • xerces-c-0:3.1.1-10.el7_7
  • xerces-c-debuginfo-0:3.1.1-10.el7_7
  • xerces-c-devel-0:3.1.1-10.el7_7
  • xerces-c-doc-0:3.1.1-10.el7_7

References