Vulnerability CVE-2016-4448


Published: 2016-06-09

Description:
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Type: CWE-134 (Uncontrolled Format String)

Vendor: Apple
Product: Iphone os 
Version: 9.3.2;
Product: IOS 
Version: 9.3.2;
Product: TVOS 
Version: 9.2.1;
Product: Icloud for windows 
Version: 5.2;
Product: Watchos 
Version: 2.2.1;
Product: Itunes 
Version: 12.4.1;
Product: Mac os x 
Version:
10.9.5
10.9.4
10.9.3
10.9.2
10.9.1
10.9
10.8.5
10.8.4
10.8.3
10.8.2
10.8.1
10.8.0
10.7.5
10.7.4
10.7.3
10.7.2
10.7.1
10.7.0
10.6.8
10.6.7
10.6.6
10.6.5
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8
10.5.7
10.5.6
10.5.5
10.5.4
10.5.3
10.5.2
10.5.1
10.5.0
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server eus 
Version:
7.7
7.6
7.5
7.4
7.3
7.2
See more versions on NVD
Product: Enterprise linux server tus 
Version:
7.7
7.6
7.3
7.2
See more versions on NVD
Product: Enterprise linux server aus 
Version:
7.7
7.6
7.4
7.3
7.2
See more versions on NVD
Product: Enterprise linux workstation 
Version: 7.0; 6.0;
Product: Enterprise linux 
Version:
7.0
6.0
5
See more versions on NVD
Product: Enterprise linux desktop 
Version: 7.0; 6.0;
Product: Enterprise linux server 
Version: 7.0; 6.0;
Product: Jboss web server 
Version: 3.0;
Vendor: Mcafee
Product: Web gateway 
Version:
7.6.2.3
7.6.2.2
7.6.2.1
7.6.2
7.6.1.3
7.6.1.2
7.6.1.1
7.6.1
7.6.0.1
7.6.0.0
7.5.2.10
See more versions on NVD
Vendor: Oracle
Product: Linux 
Version: 7; 6.0;
Product: Vm server 
Version: 3.4; 3.3;
Vendor: Mageia.org
Product: Mageia 
Version: 5;
Vendor: Novell
Product: Suse openstack cloud 
Version: 5;
Product: Opensuse leap 
Version: 42.1;
Product: Suse manager proxy 
Version: 2.1;
Product: Suse manager 
Version: 2.1;
Product: Suse linux enterprise server 
Version: 12.0; 11.0;
Product: Suse linux enterprise software development kit 
Version: 12.0; 11.0;
Product: Suse linux enterprise desktop 
Version: 12.0;
Vendor: Tenable
Product: Log correlation engine 
Version: 4.8.0;
Vendor: HP
Product: Icewall federation agent 
Version: 3.0;
Vendor: Xmlsoft
Product: Libxml2 
Version: 2.9.3;
Vendor: IBM
Product: Lotus protector for mail security 
Version: 2.8.1; 2.8;
Vendor: Slackware
Product: Slackware linux 
Version: 14.1; 14.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.openwall.com/lists/oss-security/2016/05/25/2
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/90856
http://www.securitytracker.com/id/1036348
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
http://xmlsoft.org/news.html
https://access.redhat.com/errata/RHSA-2016:1292
https://bugzilla.redhat.com/show_bug.cgi?id=1338700
https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905
https://www.tenable.com/security/tns-2016-18


Copyright 2019, cxsecurity.com
