Executive Summary
Summary | |
---|---|
Title | libxml2: User-assisted execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | GLSA-201202-09 | First vendor Publication | 2012-02-29 |
Vendor | Gentoo | Last vendor Modification | 2012-02-29 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis A boundary error in libxml2 could result in execution of arbitrary code or Denial of Service. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References Availability http://security.gentoo.org/glsa/glsa-201202-09.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201202-09.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14504 | |||
Oval ID: | oval:org.mitre.oval:def:14504 | ||
Title: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3919 | Version: | 14 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15165 | |||
Oval ID: | oval:org.mitre.oval:def:15165 | ||
Title: | DSA-2394-1 libxml2 -- several | ||
Description: | Many security problems had been fixed in libxml2, a popular library to handle XML data files. CVE-2011-3919: Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-0216: An Off-by-one error have been discoveried that allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2011-2821: A memory corruption bug has been identified in libxml2's XPath engine. Through it, it is possible to an attacker allows cause a denial of service or possibly have unspecified other impact. This vulnerability does not affect the oldstable distribution. CVE-2011-2834: Yang Dingning discovered a double free vulnerability related to XPath handling. CVE-2011-3905: An out-of-bounds read vulnerability had been discovered, which allows remote attackers to cause a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2394-1 CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15446 | |||
Oval ID: | oval:org.mitre.oval:def:15446 | ||
Title: | USN-1334-1 -- libxml2 vulnerabilities | ||
Description: | libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1334-1 CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21164 | |||
Oval ID: | oval:org.mitre.oval:def:21164 | ||
Title: | RHSA-2012:0017: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0017-01 CESA-2012:0017 CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21409 | |||
Oval ID: | oval:org.mitre.oval:def:21409 | ||
Title: | RHSA-2012:0018: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0018-01 CESA-2012:0018 CVE-2011-3905 CVE-2011-3919 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23214 | |||
Oval ID: | oval:org.mitre.oval:def:23214 | ||
Title: | ELSA-2012:0017: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0017-01 CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23538 | |||
Oval ID: | oval:org.mitre.oval:def:23538 | ||
Title: | ELSA-2012:0018: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0018-01 CVE-2011-3905 CVE-2011-3919 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27976 | |||
Oval ID: | oval:org.mitre.oval:def:27976 | ||
Title: | DEPRECATED: ELSA-2012-0018 -- libxml2 security update (important) | ||
Description: | [2.7.6-4.0.1.el6_2.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-4.el6_2.1] - Make sure the parser returns when getting a Stop order CVE-2011-3905 - Fix an allocation error when copying entities CVE-2011-3919 - Resolves: rhbz#771913 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0018 CVE-2011-3905 CVE-2011-3919 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | libxml2 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Fedora Update for libxml2 FEDORA-2012-13824 File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl |
2012-09-27 | Name : Fedora Update for libxml2 FEDORA-2012-13820 File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl |
2012-08-02 | Name : SuSE Update for libxml2 openSUSE-SU-2012:0107-1 (libxml2) File : nvt/gb_suse_2012_0107_1.nasl |
2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0016 centos4 File : nvt/gb_CESA-2012_0016_libxml2_centos4.nasl |
2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0017 centos5 File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl |
2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0018 centos6 File : nvt/gb_CESA-2012_0018_libxml2_centos6.nasl |
2012-07-13 | Name : VMSA-2012-0012 VMware ESXi update addresses several security issues. File : nvt/gb_VMSA-2012-0012.nasl |
2012-07-09 | Name : RedHat Update for libxml2 RHSA-2012:0018-01 File : nvt/gb_RHSA-2012_0018-01_libxml2.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201202-09 (libxml2) File : nvt/glsa_201202_09.nasl |
2012-03-12 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml22.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2394-1 (libxml2) File : nvt/deb_2394_1.nasl |
2012-01-20 | Name : Mandriva Update for libxml2 MDVSA-2012:005 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_005.nasl |
2012-01-20 | Name : Ubuntu Update for libxml2 USN-1334-1 File : nvt/gb_ubuntu_USN_1334_1.nasl |
2012-01-13 | Name : RedHat Update for libxml2 RHSA-2012:0017-01 File : nvt/gb_RHSA-2012_0017-01_libxml2.nasl |
2012-01-13 | Name : RedHat Update for libxml2 RHSA-2012:0016-01 File : nvt/gb_RHSA-2012_0016-01_libxml2.nasl |
2012-01-10 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux) File : nvt/gb_google_chrome_mult_dos_vuln_jan12_lin.nasl |
2012-01-10 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X) File : nvt/gb_google_chrome_mult_dos_vuln_jan12_macosx.nasl |
2012-01-10 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows) File : nvt/gb_google_chrome_mult_dos_vuln_jan12_win.nasl |
0000-00-00 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78148 | Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-05-03 | IAVM : 2012-A-0073 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0032171 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-10 | libxml2 entity reference name heap buffer overflow attempt RuleID : 33310 - Revision : 2 - Type : FILE-OTHER |
2015-03-10 | libxml2 entity reference name heap buffer overflow attempt RuleID : 33309 - Revision : 2 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0008_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0012_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1627-1.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20121120.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-107.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libxml2-120117.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libxml2-120117.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_764879_remote.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-36.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130131_mingw32_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-02-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
2013-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0104.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_5_1.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120111_libxml2_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120111_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120111_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-13 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0012.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
2012-04-28 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2012-0008.nasl - Type : ACT_GATHER_INFO |
2012-03-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201202-09.nasl - Type : ACT_GATHER_INFO |
2012-02-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_57f1a624619711e1b98cbcaec565249c.nasl - Type : ACT_GATHER_INFO |
2012-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2394.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-7929.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-120116.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1334-1.nasl - Type : ACT_GATHER_INFO |
2012-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-01-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-005.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
2012-01-10 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_16_0_912_75.nasl - Type : ACT_GATHER_INFO |
2012-01-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1a1aef8e389411e18b5c00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:12 |
|