Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2011:131First vendor Publication2011-09-05
VendorMandrivaLast vendor Modification2011-09-05
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been discovered and corrected in libxml/libxml2:

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions (CVE-2011-1944).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:131

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13526
 
Oval ID: oval:org.mitre.oval:def:13526
Title: USN-1153-1 -- libxml2 vulnerability
Description: libxml2: GNOME XML library libxml2 could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1153-1
CVE-2011-1944
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): libxml2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application26
Application32

OpenVAS Exploits

DateDescription
2012-10-03Name : Fedora Update for libxml2 FEDORA-2012-13824
File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl
2012-09-27Name : Fedora Update for libxml2 FEDORA-2012-13820
File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl
2012-07-30Name : CentOS Update for libxml2 CESA-2012:0017 centos5
File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl
2012-07-13Name : VMSA-2012-0012 VMware ESXi update addresses several security issues.
File : nvt/gb_VMSA-2012-0012.nasl
2012-07-09Name : RedHat Update for libxml2 RHSA-2011:1749-03
File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl
2012-05-18Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-26 (libxml2)
File : nvt/glsa_201110_26.nasl
2012-01-13Name : RedHat Update for libxml2 RHSA-2012:0017-01
File : nvt/gb_RHSA-2012_0017-01_libxml2.nasl
2011-09-07Name : Mandriva Update for libxml MDVSA-2011:131 (libxml)
File : nvt/gb_mandriva_MDVSA_2011_131.nasl
2011-08-03Name : Debian Security Advisory DSA 2255-1 (libxml2)
File : nvt/deb_2255_1.nasl
2011-07-12Name : Fedora Update for libxml FEDORA-2011-7820
File : nvt/gb_fedora_2011_7820_libxml_fc15.nasl
2011-07-08Name : Fedora Update for libxml FEDORA-2011-7856
File : nvt/gb_fedora_2011_7856_libxml_fc14.nasl
2011-06-20Name : Ubuntu Update for libxml2 USN-1153-1
File : nvt/gb_ubuntu_USN_1153_1.nasl
0000-00-00Name : FreeBSD Ports: libxml
File : nvt/freebsd_libxml0.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
73248libxml2 xpath.c Xpath Nodeset Processing Overflow

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-09-27IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-05-03IAVM : 2012-A-0073 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0032171

Nessus® Vulnerability Scanner

DateDescription
2014-11-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libxml2-110629.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libxml2-110629.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_764879_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0017.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2013-04-14Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7be92050a45011e29898001060e06fd4.nasl - Type : ACT_GATHER_INFO
2013-02-04Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130131_mingw32_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-01Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2013-02-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote device is affected by multiple vulnerabilities.
File : appletv_5_1.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO
2012-09-27Name : The remote Fedora host is missing a security update.
File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111206_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120111_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-13Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0012.nasl - Type : ACT_GATHER_INFO
2012-07-05Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-04-28Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2012-0008.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0017.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-7600.nasl - Type : ACT_GATHER_INFO
2011-12-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1749.nasl - Type : ACT_GATHER_INFO
2011-10-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-26.nasl - Type : ACT_GATHER_INFO
2011-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-131.nasl - Type : ACT_GATHER_INFO
2011-07-27Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxml2-110629.nasl - Type : ACT_GATHER_INFO
2011-07-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-7601.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Fedora host is missing a security update.
File : fedora_2011-7820.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Fedora host is missing a security update.
File : fedora_2011-7856.nasl - Type : ACT_GATHER_INFO
2011-06-17Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1153-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:42:24
  • Multiple Updates