Vulnerability CVE-2016-4448


Published: 2016-06-09

Description:
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Type: CWE-134 (Uncontrolled Format String)

Vendor: Apple
Product: iPhone OS
Version: 9.3.2;
Product: iOS
Version: 9.3.2;
Product: tvOS
Version: 9.2.1;
Product: iCloud for Windows
Version: 5.2;
Product: watchOS
Version: 2.2.1;
Product: iTunes
Version: 12.4.1;
Product: Mac OS X
Version: 10.9.5; 10.9.4; 10.9.3; 10.9.2; 10.9.1; 10.9; 10.8.5; 10.8.4; 10.8.3; 10.8.2; 10.8.1; 10.8.0; 10.7.5; 10.7.4; 10.7.3; 10.7.2; 10.7.1; 10.7.0; 10.6.8; 10.6.7; 10.6.6; 10.6.5; 10.6.4; 10.6.3; 10.6.2; 10.6.1; 10.6.0; 10.5.8; 10.5.7; 10.5.6; 10.5.5; 10.5.4; 10.5.3; 10.5.2; 10.5.1; 10.5.0;
See more versions on NVD
Vendor: Red Hat
Product: Enterprise Linux Server EUS
Version: 7.7; 7.6; 7.5; 7.4; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Server TUS
Version: 7.7; 7.6; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Server AUS
Version: 7.7; 7.6; 7.4; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Workstation
Version: 7.0; 6.0;
Product: Enterprise Linux
Version: 7.0; 6.0; 5;
See more versions on NVD
Product: Enterprise Linux Desktop
Version: 7.0; 6.0;
Product: Enterprise Linux Server
Version: 7.0; 6.0;
Product: JBoss Web Server
Version: 3.0;
Vendor: McAfee
Product: Web Gateway
Version: 7.6.2.3; 7.6.2.2; 7.6.2.1; 7.6.2; 7.6.1.3; 7.6.1.2; 7.6.1.1; 7.6.1; 7.6.0.1; 7.6.0.0; 7.5.2.10;
See more versions on NVD
Vendor: Oracle
Product: Linux
Version: 7; 6.0;
Product: VM Server
Version: 3.4; 3.3;
Vendor: Mageia.org
Product: Mageia
Version: 5;
Vendor: Novell
Product: SUSE OpenStack Cloud
Version: 5;
Product: openSUSE Leap
Version: 42.1;
Product: SUSE Manager Proxy
Version: 2.1;
Product: SUSE Manager
Version: 2.1;
Product: SUSE Linux Enterprise Server
Version: 12.0; 11.0;
Product: SUSE Linux Enterprise Software Development Kit
Version: 12.0; 11.0;
Product: SUSE Linux Enterprise Desktop
Version: 12.0;
Vendor: Tenable
Product: Log Correlation Engine
Version: 4.8.0;
Vendor: HP
Product: IceWall Federation Agent
Version: 3.0;
Vendor: Xmlsoft
Product: libxml2
Version: 2.9.3;
Vendor: IBM
Product: Lotus Protector for Mail Security
Version: 2.8.1; 2.8;
Vendor: Slackware
Product: Slackware Linux
Version: 14.1; 14.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.openwall.com/lists/oss-security/2016/05/25/2
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/90856
http://www.securitytracker.com/id/1036348
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
http://xmlsoft.org/news.html
https://access.redhat.com/errata/RHSA-2016:1292
https://bugzilla.redhat.com/show_bug.cgi?id=1338700
https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905
https://www.tenable.com/security/tns-2016-18

Related CVE
CVE-2013-7171
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.
CVE-2013-7172
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2018-9336
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory...
CVE-2018-7185
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...
CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset ...
CVE-2018-7170
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sy...
CVE-2013-4854
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertio...

Copyright 2019, cxsecurity.com

 
