Podatność CVE-2008-1767

Podatność CVE-2008-1767

Publikacja: 2008-05-23 Modyfikacja: 2012-02-12

Opis:

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

Typ:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
7.5/10	6.4/10	10/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Niska	Nie wymagana
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Częściowy	Częściowy	Częściowy

Affected software
Redhat -> Desktop
Redhat -> Enterprise linux
Redhat -> Enterprise linux desktop
Redhat -> Enterprise linux desktop workstation
Redhat -> Linux advanced workstation

Referencje:

http://xforce.iss.net/xforce/xfdb/42560

http://www.vupen.com/english/advisories/2008/2780

http://www.vupen.com/english/advisories/2008/2094/references

http://www.vupen.com/english/advisories/2008/1580/references

http://www.ubuntu.com/usn/usn-633-1

http://www.securitytracker.com/id?1020071

http://www.securityfocus.com/bid/31681

http://www.securityfocus.com/bid/29312

http://www.redhat.com/support/errata/RHSA-2008-0287.html

http://www.novell.com/linux/security/advisories/2008_13_sr.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:151

http://support.apple.com/kb/HT3298

http://support.apple.com/kb/HT3216

http://secunia.com/advisories/32222

http://secunia.com/advisories/31363

http://secunia.com/advisories/31074

http://secunia.com/advisories/30717

http://secunia.com/advisories/30323

http://secunia.com/advisories/30315

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9785

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

http://bugzilla.gnome.org/show_bug.cgi?id=527297

http://www.debian.org/security/2008/dsa-1589

http://security.gentoo.org/glsa/glsa-200806-02.xml

http://secunia.com/advisories/30521

http://secunia.com/advisories/30393

Podatność CVE-2008-1767

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

CWE-119

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Zdalny

Niska

Nie wymagana

Częściowy

Częściowy

Częściowy

Affected software

Referencje: