CVE-2004-0989

Executive Summary

Informations
Name	CVE-2004-0989	First vendor Publication	2005-03-01
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989

CAPEC : Common Attack Pattern Enumeration & Classification

id	Name
CAPEC-47	Buffer Overflow via Parameter Expansion

CWE : Common Weakness Enumeration

id	Name
CWE-130	Improper Handling of Length Parameter Inconsistency

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1173

Oval ID:	oval:org.mitre.oval:def:1173
Title:	Multiple Buffer Overflows in libXML2
Description:	Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0989	Version:	1
Platform(s):	Red Hat Enterprise Linux 3	Product(s):	libxml2
Definition Synopsis:
Red Hat Enterprise 3 is installed AND libxml or libxml-devel RPM is earlier than 1:1.8.17-9.2 libxml RPM is earlier than 1:1.8.17-9.2 AND libxml-devel RPM is earlier than 1:1.8.17-9.2

Definition Id: oval:org.mitre.oval:def:10505

Oval ID:	oval:org.mitre.oval:def:10505
Title:	Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Description:	Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0989	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libxml2-devel is earlier than 0:2.5.10-7 AND libxml2-python is earlier than 0:2.5.10-7 AND libxml-devel is earlier than 1:1.8.17-9.2 AND libxml is earlier than 1:1.8.17-9.2 AND libxml2 is earlier than 0:2.5.10-7

CPE : Common Platform Enumeration

Type	Description	Count
Application	Xmlsoft Libxml cpe:/a:xmlsoft:libxml:1.8.17	1
Application	Xmlsoft libxml2 cpe:/a:xmlsoft:libxml2:2.6.9 cpe:/a:xmlsoft:libxml2:2.6.8 cpe:/a:xmlsoft:libxml2:2.6.7 cpe:/a:xmlsoft:libxml2:2.6.6 cpe:/a:xmlsoft:libxml2:2.6.14 cpe:/a:xmlsoft:libxml2:2.6.13 cpe:/a:xmlsoft:libxml2:2.6.12 cpe:/a:xmlsoft:libxml2:2.6.11 cpe:/a:xmlsoft:libxml2:2.5.11	9
Application	Xmlstarlet Command Line Xml Toolkit cpe:/a:xmlstarlet:command_line_xml_toolkit:0.9.1	1
Os	Redhat Fedora Core cpe:/o:redhat:fedora_core:core_2.0	1
Os	Trustix Secure Linux cpe:/o:trustix:secure_linux:2.1 cpe:/o:trustix:secure_linux:2.0	2
Os	Ubuntu Ubuntu Linux cpe:/o:ubuntu:ubuntu_linux:4.1::ia64 cpe:/o:ubuntu:ubuntu_linux:4.1::ppc	2

Open Source Vulnerability Database (OSVDB)

id	Description
11324	libxml2 Proxy FTP URL Processing Overflow
11180	libxml2 DNS Reply Overflows
11179	libxml2 FTP URL Processing Overflow

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
BID	http://www.securityfocus.com/bid/11526
BUGTRAQ	http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2
CIAC	http://www.ciac.org/ciac/bulletins/p-029.shtml
CONECTIVA	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
DEBIAN	http://www.debian.org/security/2004/dsa-582
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
OSVDB	http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324
REDHAT	http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html
SECTRACK	http://securitytracker.com/id?1011941
SECUNIA	http://secunia.com/advisories/13000
SUSE	http://www.novell.com/linux/security/advisories/2005_01_sr.html
UBUNTU	http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2
XF	http://xforce.iss.net/xforce/xfdb/17870 http://xforce.iss.net/xforce/xfdb/17872 http://xforce.iss.net/xforce/xfdb/17875 http://xforce.iss.net/xforce/xfdb/17876

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 11:43:35	Multiple Updates

Type	Count
Capec ID(s)	1
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	16
osvdb(s)	3

Related	Severity
USN-89-1	(Critical)
RHSA-2004:650	(Critical)
RHSA-2004:615	(Critical)
DSA-582	(Critical)

Same Subject	Severity
Login to view 2 more Alert(s)

CVE-2004-0989

Executive Summary

Security-Database Scoring CVSS v2

Security Protection

Detail

Original Source

CAPEC : Common Attack Pattern Enumeration & Classification

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU