7.5 - GLSA-200808-06

Executive Summary

Summary
Title	libxslt: Execution of arbitrary code

Informations
Name	GLSA-200808-06	First vendor Publication	2008-08-06
Vendor	Gentoo	Last vendor Modification	2008-08-06
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

libxslt is affected by a heap-based buffer overflow, possibly leading to the execution of arbitrary code.

Background

libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML.

Description

Chris Evans (Google Security) reported that the libexslt library that is part of libxslt is affected by a heap-based buffer overflow in the RC4 encryption/decryption functions.

Impact

A remote attacker could entice a user to process an XML file using a specially crafted XSLT stylesheet in an application linked against libxslt, possibly leading to the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.24-r1"

References

[ 1 ] CVE-2008-2935 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200808-06.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200808-06.xml

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10827

Oval ID:	oval:org.mitre.oval:def:10827
Title:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Description:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2935	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libxslt-devel is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-python is earlier than 0:1.1.11-1.el4_7.2 AND libxslt is earlier than 0:1.1.11-1.el4_7.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2

Definition Id: oval:org.mitre.oval:def:17713

Oval ID:	oval:org.mitre.oval:def:17713
Title:	USN-633-1 -- libxslt vulnerabilities
Description:	It was discovered that long transformation matches in libxslt could overflow.
Family:	unix	Class:	patch
Reference(s):	USN-633-1 CVE-2008-1767 CVE-2008-2935	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	libxslt
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libxslt1.1 DPKG is earlier than 1.1.15-1ubuntu1.2 AND Release section Ubuntu 7.04 is installed AND libxslt1.1 DPKG is earlier than 1.1.20-0ubuntu2.2 AND Release section Ubuntu 7.10 is installed AND libxslt1.1 DPKG is earlier than 1.1.21-2ubuntu2.2 AND Release section Ubuntu 8.04 is installed AND libxslt1.1 DPKG is earlier than 1.1.22-1ubuntu1.2

Definition Id: oval:org.mitre.oval:def:20386

Oval ID:	oval:org.mitre.oval:def:20386
Title:	DSA-1624-1 libxslt - arbitrary code execution
Description:	Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1624-1 CVE-2008-2935	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libxslt
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libxslt DPKG is earlier than 0:1.1.19-3

Definition Id: oval:org.mitre.oval:def:22165

Oval ID:	oval:org.mitre.oval:def:22165
Title:	ELSA-2008:0649: libxslt security update (Moderate)
Description:	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0649-03 CVE-2008-2935	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libxslt
Definition Synopsis:
Oracle Linux 5.x rpm test libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2

Definition Id: oval:org.mitre.oval:def:29029

Oval ID:	oval:org.mitre.oval:def:29029
Title:	RHSA-2008:0649 -- libxslt security update (Moderate)
Description:	Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0649 CESA-2008:0649-CentOS 5 CVE-2008-2935	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	libxslt
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section libxslt-devel is earlier than 0:1.1.17-2.el5_2.2 AND libxslt is earlier than 0:1.1.17-2.el5_2.2 AND libxslt-python is earlier than 0:1.1.17-2.el5_2.2 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libxslt is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-devel is earlier than 0:1.1.11-1.el4_7.2 AND libxslt-python is earlier than 0:1.1.11-1.el4_7.2

Definition Id: oval:org.mitre.oval:def:7764

Oval ID:	oval:org.mitre.oval:def:7764
Title:	DSA-1624 liebxslt -- buffer overflows
Description:	Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1624 CVE-2008-2935	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libxslt
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section libxslt1-dev is earlier than 1.1.19-3 AND python-libxslt1 is earlier than 1.1.19-3 AND libxslt1-dbg is earlier than 1.1.19-3 AND libxslt1.1 is earlier than 1.1.19-3 AND xsltproc is earlier than 1.1.19-3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Xmlsoft Libxslt cpe:2.3:a:xmlsoft:libxslt:1.1.9:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.8:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.24:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.23:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.22:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.21:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.20:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.19:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.18:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.17:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.16:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.15:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.14:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.13:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.12:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.11:::::::* cpe:2.3:a:xmlsoft:libxslt:1.1.10:::::::*	17

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for libxslt File : nvt/sles10_libxslt.nasl
2009-04-09	Name : Mandriva Update for libxslt MDVSA-2008:160 (libxslt) File : nvt/gb_mandriva_MDVSA_2008_160.nasl
2009-03-23	Name : Ubuntu Update for libxslt vulnerabilities USN-633-1 File : nvt/gb_ubuntu_USN_633_1.nasl
2009-03-06	Name : RedHat Update for libxslt RHSA-2008:0649-01 File : nvt/gb_RHSA-2008_0649-01_libxslt.nasl
2009-02-17	Name : Fedora Update for libxslt FEDORA-2008-7029 File : nvt/gb_fedora_2008_7029_libxslt_fc8.nasl
2009-02-17	Name : Fedora Update for libxslt FEDORA-2008-7062 File : nvt/gb_fedora_2008_7062_libxslt_fc9.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200808-06 (libxslt) File : nvt/glsa_200808_06.nasl
2008-08-15	Name : Debian Security Advisory DSA 1624-1 (libxslt) File : nvt/deb_1624_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
47544	libxslt libexslt crypto.c Multiple Function XML Parsing Overflows

Snort® IPS/IDS

Date	Description
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt - 2 RuleID : 14041 - Revision : 16 - Type : SERVER-OTHER
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14040 - Revision : 14 - Type : SERVER-OTHER
2014-01-10	GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14039 - Revision : 20 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0649.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080731_libxslt_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0649.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxslt-080720.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-160.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxslt-5457.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote openSUSE host is missing a security update. File : suse_libxslt-5458.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-7029.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-7062.nasl - Type : ACT_GATHER_INFO
2008-08-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-06.nasl - Type : ACT_GATHER_INFO
2008-08-04	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-633-1.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1624.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0649.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:36:01	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	17
osvdb(s)	1
Openvas Exploit(s)	8
Snort® Rule(s)	3
Nessus® Exploit(s)	13

	Related
7.5	CVE-2008-2935
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - GLSA-200808-06

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU