Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2011-3102First vendor Publication2012-05-15
VendorCveLast vendor Modification2014-01-27

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20521
 
Oval ID: oval:org.mitre.oval:def:20521
Title: VMware vSphere security updates for the authentication service and third party libraries
Description: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3102
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18539
 
Oval ID: oval:org.mitre.oval:def:18539
Title: DSA-2479-1 libxml2 - off-by-one
Description: Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2479-1
CVE-2011-3102
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17574
 
Oval ID: oval:org.mitre.oval:def:17574
Title: USN-1447-1 -- libxml2 vulnerability
Description: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1447-1
CVE-2011-3102
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26593
 
Oval ID: oval:org.mitre.oval:def:26593
Title: Allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact
Description: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3102
Version: 2
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Os48

OpenVAS Exploits

DateDescription
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0656-1 (update)
File : nvt/gb_suse_2012_0656_1.nasl
2012-10-03Name : Fedora Update for libxml2 FEDORA-2012-13824
File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl
2012-09-27Name : Fedora Update for libxml2 FEDORA-2012-13820
File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl
2012-09-22Name : RedHat Update for libxml2 RHSA-2012:1288-01
File : nvt/gb_RHSA-2012_1288-01_libxml2.nasl
2012-09-22Name : CentOS Update for libxml2 CESA-2012:1288 centos5
File : nvt/gb_CESA-2012_1288_libxml2_centos5.nasl
2012-09-22Name : CentOS Update for libxml2 CESA-2012:1288 centos6
File : nvt/gb_CESA-2012_1288_libxml2_centos6.nasl
2012-08-10Name : Gentoo Security Advisory GLSA 201207-02 (libxml2)
File : nvt/glsa_201207_02.nasl
2012-06-22Name : Mandriva Update for libxml2 MDVSA-2012:098 (libxml2)
File : nvt/gb_mandriva_MDVSA_2012_098.nasl
2012-05-31Name : FreeBSD Ports: libxml2
File : nvt/freebsd_libxml23.nasl
2012-05-31Name : Debian Security Advisory DSA 2479-1 (libxml2)
File : nvt/deb_2479_1.nasl
2012-05-22Name : Ubuntu Update for libxml2 USN-1447-1
File : nvt/gb_ubuntu_USN_1447_1.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_may12_lin.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_may12_macosx.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_may12_win.nasl

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-02-07IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0036787
2013-02-07IAVM : 2013-B-0012 - VMware vCenter 4.1 Server and vSphere 4.1 Client Memory Corruption Vulnerability
Severity : Category II - VMSKEY : V0036789

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-295.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-320.nasl - Type : ACT_GATHER_INFO
2014-01-23Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_1_4.nasl - Type : ACT_GATHER_INFO
2014-01-23Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_1_4_banner.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-10-24Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_1_2.nasl - Type : ACT_GATHER_INFO
2013-10-24Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_1_2_banner.nasl - Type : ACT_GATHER_INFO
2013-10-01Name : The remote device is affected by multiple vulnerabilities.
File : appletv_6_0.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-134.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1288.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2013-04-20Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-056.nasl - Type : ACT_GATHER_INFO
2013-02-16Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO
2013-02-11Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2013-0001.nasl - Type : ACT_GATHER_INFO
2013-02-04Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130131_mingw32_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-01Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2013-02-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxml2-120530.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO
2012-09-19Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120918_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO
2012-07-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-02.nasl - Type : ACT_GATHER_INFO
2012-06-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-8156.nasl - Type : ACT_GATHER_INFO
2012-06-22Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-098.nasl - Type : ACT_GATHER_INFO
2012-05-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2479.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1447-1.nasl - Type : ACT_GATHER_INFO
2012-05-21Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_b8ae4659a0da11e1a294bcaec565249c.nasl - Type : ACT_GATHER_INFO
2012-05-16Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_19_0_1084_46.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
BIDhttp://www.securityfocus.com/bid/53540
CONFIRMhttp://code.google.com/p/chromium/issues/detail?id=125462
http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/...
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:098
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
REDHAThttp://rhn.redhat.com/errata/RHSA-2013-0217.html
SECTRACKhttp://www.securitytracker.com/id?1027067
SECUNIAhttp://secunia.com/advisories/49243
http://secunia.com/advisories/50658
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
DateInformations
2014-06-14 13:31:28
  • Multiple Updates
2014-02-17 11:04:35
  • Multiple Updates
2014-01-28 13:18:57
  • Multiple Updates
2014-01-24 13:18:52
  • Multiple Updates
2013-11-11 12:39:33
  • Multiple Updates
2013-11-06 13:23:54
  • Multiple Updates
2013-11-04 21:21:45
  • Multiple Updates
2013-10-31 13:18:59
  • Multiple Updates
2013-10-11 21:21:49
  • Multiple Updates
2013-09-27 21:20:18
  • Multiple Updates
2013-09-27 13:21:00
  • Multiple Updates
2013-09-20 13:19:57
  • Multiple Updates
2013-05-30 13:23:03
  • Multiple Updates
2013-05-10 23:06:05
  • Multiple Updates
2013-04-27 13:19:28
  • Multiple Updates
2013-04-19 13:19:58
  • Multiple Updates
2013-02-07 13:19:53
  • Multiple Updates