7.5 - CVE-2008-2935

Executive Summary

Informations
Name	CVE-2008-2935	First vendor Publication	2008-08-01
Vendor	Cve	Last vendor Modification	2018-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10827

Oval ID:	oval:org.mitre.oval:def:10827
Title:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Description:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2935	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libxslt-devel is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-python is earlier than 0:1.1.11-1.el4_7.2 AND libxslt is earlier than 0:1.1.11-1.el4_7.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2

Definition Id: oval:org.mitre.oval:def:17713

Oval ID:	oval:org.mitre.oval:def:17713
Title:	USN-633-1 -- libxslt vulnerabilities
Description:	It was discovered that long transformation matches in libxslt could overflow.
Family:	unix	Class:	patch
Reference(s):	USN-633-1 CVE-2008-1767 CVE-2008-2935	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	libxslt
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libxslt1.1 DPKG is earlier than 1.1.15-1ubuntu1.2 AND Release section Ubuntu 7.04 is installed AND libxslt1.1 DPKG is earlier than 1.1.20-0ubuntu2.2 AND Release section Ubuntu 7.10 is installed AND libxslt1.1 DPKG is earlier than 1.1.21-2ubuntu2.2 AND Release section Ubuntu 8.04 is installed AND libxslt1.1 DPKG is earlier than 1.1.22-1ubuntu1.2

Definition Id: oval:org.mitre.oval:def:20386

Oval ID:	oval:org.mitre.oval:def:20386
Title:	DSA-1624-1 libxslt - arbitrary code execution
Description:	Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1624-1 CVE-2008-2935	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libxslt
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libxslt DPKG is earlier than 0:1.1.19-3

Definition Id: oval:org.mitre.oval:def:22165

Oval ID:	oval:org.mitre.oval:def:22165
Title:	ELSA-2008:0649: libxslt security update (Moderate)
Description:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0649-03 CVE-2008-2935	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libxslt
Definition Synopsis:
Oracle Linux 5.x rpm test libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2

Definition Id: oval:org.mitre.oval:def:29029

Oval ID:	oval:org.mitre.oval:def:29029
Title:	RHSA-2008:0649 -- libxslt security update (Moderate)
Description:	Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0649 CESA-2008:0649-CentOS 5 CVE-2008-2935	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	libxslt
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libxslt is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-devel is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-python is earlier than 0:1.1.11-1.el4_7.2

Definition Id: oval:org.mitre.oval:def:7764

Oval ID:	oval:org.mitre.oval:def:7764
Title:	DSA-1624 liebxslt -- buffer overflows
Description:	Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1624 CVE-2008-2935	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libxslt
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section libxslt1-dev is earlier than 1.1.19-3 AND python-libxslt1 is earlier than 1.1.19-3 AND libxslt1-dbg is earlier than 1.1.19-3 AND libxslt1.1 is earlier than 1.1.19-3 AND xsltproc is earlier than 1.1.19-3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Xmlsoft Libxslt cpe:2.3:a:xmlsoft:libxslt:1.1.9:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.8:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.24:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.23:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.22:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.21:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.20:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.19:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.18:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.17:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.16:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.15:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.14:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.13:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.12:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.11:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.10:::::::*	17

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for libxslt File : nvt/sles10_libxslt.nasl
2009-04-09	Name : Mandriva Update for libxslt MDVSA-2008:160 (libxslt) File : nvt/gb_mandriva_MDVSA_2008_160.nasl
2009-03-23	Name : Ubuntu Update for libxslt vulnerabilities USN-633-1 File : nvt/gb_ubuntu_USN_633_1.nasl
2009-03-06	Name : RedHat Update for libxslt RHSA-2008:0649-01 File : nvt/gb_RHSA-2008_0649-01_libxslt.nasl
2009-02-17	Name : Fedora Update for libxslt FEDORA-2008-7029 File : nvt/gb_fedora_2008_7029_libxslt_fc8.nasl
2009-02-17	Name : Fedora Update for libxslt FEDORA-2008-7062 File : nvt/gb_fedora_2008_7062_libxslt_fc9.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200808-06 (libxslt) File : nvt/glsa_200808_06.nasl
2008-08-15	Name : Debian Security Advisory DSA 1624-1 (libxslt) File : nvt/deb_1624_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
47544	libxslt libexslt crypto.c Multiple Function XML Parsing Overflows

Snort® IPS/IDS

Date	Description
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt - 2 RuleID : 14041 - Revision : 16 - Type : SERVER-OTHER
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14040 - Revision : 14 - Type : SERVER-OTHER
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14039 - Revision : 20 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0649.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080731_libxslt_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0649.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxslt-080720.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-160.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxslt-5457.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote openSUSE host is missing a security update. File : suse_libxslt-5458.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-7029.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-7062.nasl - Type : ACT_GATHER_INFO
2008-08-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-06.nasl - Type : ACT_GATHER_INFO
2008-08-04	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-633-1.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1624.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0649.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/30467
BUGTRAQ	http://www.securityfocus.com/archive/1/494976/100/0/threaded http://www.securityfocus.com/archive/1/495018/100/0/threaded http://www.securityfocus.com/archive/1/497829/100/0/threaded
CONFIRM	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306
DEBIAN	http://www.debian.org/security/2008/dsa-1624
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.... https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118....
GENTOO	http://security.gentoo.org/glsa/glsa-200808-06.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:160
MISC	http://www.ocert.org/advisories/ocert-2008-009.html http://www.ocert.org/patches/exslt_crypt.patch http://www.scary.beasts.org/security/CESA-2008-003.html
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0649.html
SECTRACK	http://www.securitytracker.com/id?1020596
SECUNIA	http://secunia.com/advisories/31230 http://secunia.com/advisories/31310 http://secunia.com/advisories/31331 http://secunia.com/advisories/31363 http://secunia.com/advisories/31395 http://secunia.com/advisories/31399 http://secunia.com/advisories/32453
SREASON	http://securityreason.com/securityalert/4078
UBUNTU	http://www.ubuntu.com/usn/usn-633-1
VUPEN	http://www.vupen.com/english/advisories/2008/2266/references
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/44141

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:07:40	Multiple Updates
2021-04-22 01:08:03	Multiple Updates
2020-05-23 00:21:53	Multiple Updates
2018-10-12 00:20:23	Multiple Updates
2017-09-29 09:23:36	Multiple Updates
2017-08-08 09:24:12	Multiple Updates
2016-04-26 17:35:10	Multiple Updates
2014-02-17 10:45:32	Multiple Updates
2014-01-19 21:25:04	Multiple Updates
2013-05-11 00:20:26	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	17
Sources(s)	27
osvdb(s)	1
Openvas Exploit(s)	8
Snort® Rule(s)	3
Nessus® Exploit(s)	13

	Related
7.5	USN-633-1
7.5	RHSA-2008:0649
7.5	MDVSA-2008:160
7.5	GLSA-200808-06
7.5	DSA-1624
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

7.5 - CVE-2008-2935

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU