Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-2416 | First vendor Publication | 2009-08-11 |
| Vendor | Cve | Last vendor Modification | 2024-02-02 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 6.5 | ||
| Base Score | 6.5 | Environmental Score | 6.5 |
| impact SubScore | 3.6 | Temporal Score | 6.5 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | None | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-416 | Use After Free |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:22743 | |||
| Oval ID: | oval:org.mitre.oval:def:22743 | ||
| Title: | ELSA-2009:1206: libxml and libxml2 security update (Moderate) | ||
| Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1206-01 CVE-2009-2414 CVE-2009-2416 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | libxml libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28958 | |||
| Oval ID: | oval:org.mitre.oval:def:28958 | ||
| Title: | RHSA-2009:1206 -- libxml and libxml2 security update (Moderate) | ||
| Description: | Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1206 CESA-2009:1206-CentOS 3 CESA-2009:1206-CentOS 5 CVE-2009-2414 CVE-2009-2416 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libxml libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7783 | |||
| Oval ID: | oval:org.mitre.oval:def:7783 | ||
| Title: | VMware libxml2 use-after-free vulnerability | ||
| Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2416 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9262 | |||
| Oval ID: | oval:org.mitre.oval:def:9262 | ||
| Title: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
| Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2416 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for libxml CESA-2009:1206 centos3 i386 File : nvt/gb_CESA-2009_1206_libxml_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libxml2 CESA-2009:1206 centos5 i386 File : nvt/gb_CESA-2009_1206_libxml2_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-07 (libxml2) File : nvt/glsa_201009_07.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:200-1 (libxml) File : nvt/mdksa_2009_200_1.nasl |
| 2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml20.nasl |
| 2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125732-05 File : nvt/gb_solaris_125732_05.nasl |
| 2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125731-05 File : nvt/gb_solaris_125731_05.nasl |
| 2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-24 File : nvt/gb_solaris_114015_24.nasl |
| 2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-24 File : nvt/gb_solaris_114014_24.nasl |
| 2009-10-11 | Name : SLES11: Security update for libxml2 File : nvt/sles11_libxml2.nasl |
| 2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5055249.nasl |
| 2009-10-10 | Name : SLES9: Security update for libxml.rpm File : nvt/sles9p5058211.nasl |
| 2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
| 2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8594 (libxml) File : nvt/fcore_2009_8594.nasl |
| 2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8582 (libxml) File : nvt/fcore_2009_8582.nasl |
| 2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8580 (mingw32-libxml2) File : nvt/fcore_2009_8580.nasl |
| 2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1206 File : nvt/RHSA_2009_1206.nasl |
| 2009-08-17 | Name : Ubuntu USN-815-1 (libxml2) File : nvt/ubuntu_815_1.nasl |
| 2009-08-17 | Name : CentOS Security Advisory CESA-2009:1206 (libxml2) File : nvt/ovcesa2009_1206.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:200 (libxml) File : nvt/mdksa_2009_200.nasl |
| 2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8498 (libxml2) File : nvt/fcore_2009_8498.nasl |
| 2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8491 (libxml2) File : nvt/fcore_2009_8491.nasl |
| 2009-08-17 | Name : Debian Security Advisory DSA 1861-1 (libxml) File : nvt/deb_1861_1.nasl |
| 2009-08-17 | Name : Debian Security Advisory DSA 1859-1 (libxml2) File : nvt/deb_1859_1.nasl |
| 0000-00-00 | Name : FreeBSD Ports: libxml File : nvt/freebsd_libxml1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 56985 | libxml2 XML File Multiple Attribute Type Handling DoS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-09-10 | IAVM : 2009-T-0049 - Multiple Vulnerabilities in libxml2 Severity : Category I - VMSKEY : V0019911 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090810_libxml_and_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2011-11-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ce4b3af80b7c11e1846b00235409fd3e.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml-6482.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-07.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1859.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1861.nasl - Type : ACT_GATHER_INFO |
| 2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0_4.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_4.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-6405.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml-6477.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-6403.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12469.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12504.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
| 2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml-090908.nasl - Type : ACT_GATHER_INFO |
| 2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml-090908.nasl - Type : ACT_GATHER_INFO |
| 2009-08-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_43.nasl - Type : ACT_GATHER_INFO |
| 2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8582.nasl - Type : ACT_GATHER_INFO |
| 2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8580.nasl - Type : ACT_GATHER_INFO |
| 2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8594.nasl - Type : ACT_GATHER_INFO |
| 2009-08-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-200.nasl - Type : ACT_GATHER_INFO |
| 2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
| 2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
| 2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8498.nasl - Type : ACT_GATHER_INFO |
| 2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8491.nasl - Type : ACT_GATHER_INFO |
| 2009-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-815-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
| 2009-08-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-09 12:10:44 |
|
| 2024-02-08 09:28:12 |
|
| 2024-02-02 21:28:24 |
|
| 2023-02-13 09:29:17 |
|
| 2023-02-02 21:28:56 |
|
| 2021-05-04 12:09:48 |
|
| 2021-04-22 01:10:08 |
|
| 2020-05-23 00:24:01 |
|
| 2018-10-11 00:19:38 |
|
| 2017-09-19 09:23:17 |
|
| 2016-04-26 18:57:53 |
|
| 2016-03-04 13:26:24 |
|
| 2014-11-27 13:27:33 |
|
| 2014-10-24 13:25:45 |
|
| 2014-02-17 10:50:43 |
|
| 2013-11-11 12:38:21 |
|
| 2013-05-10 23:53:48 |
|
