CVE-2004-0989

Sažetak

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

01-03-2005 - 05:00