Podatność CVE-2004-0989


Publikacja: 2005-03-01   Modyfikacja: 2012-02-12

Opis:
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
10/10
10/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Xmlstarlet -> Command line xml toolkit 
Xmlsoft -> Libxml 
Xmlsoft -> Libxml2 
Ubuntu -> Ubuntu linux 
Trustix -> Secure linux 
Redhat -> Fedora core 

 Referencje:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/

Copyright 2024, cxsecurity.com

 

Back to Top