ID CVE-2004-0110
Summary Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
References
Vulnerable Configurations
  • SGI ProPack 2.3
    cpe:2.3:a:sgi:propack:2.3
  • SGI ProPack 2.4
    cpe:2.3:a:sgi:propack:2.4
  • cpe:2.3:a:xmlsoft:libxml:1.8.17
    cpe:2.3:a:xmlsoft:libxml:1.8.17
  • XMLSoft Libxml2 2.4.19
    cpe:2.3:a:xmlsoft:libxml2:2.4.19
  • XMLSoft Libxml2 2.4.23
    cpe:2.3:a:xmlsoft:libxml2:2.4.23
  • XMLSoft Libxml2 2.5.4
    cpe:2.3:a:xmlsoft:libxml2:2.5.4
  • Xmlsoft Libxml2 2.5.10
    cpe:2.3:a:xmlsoft:libxml2:2.5.10
  • XMLSoft Libxml2 2.5.11
    cpe:2.3:a:xmlsoft:libxml2:2.5.11
  • XMLSoft Libxml2 2.6.0
    cpe:2.3:a:xmlsoft:libxml2:2.6.0
  • XMLSoft Libxml2 2.6.1
    cpe:2.3:a:xmlsoft:libxml2:2.6.1
  • XMLSoft Libxml2 2.6.2
    cpe:2.3:a:xmlsoft:libxml2:2.6.2
  • XMLSoft Libxml2 2.6.3
    cpe:2.3:a:xmlsoft:libxml2:2.6.3
  • XMLSoft Libxml2 2.6.4
    cpe:2.3:a:xmlsoft:libxml2:2.6.4
  • XMLSoft Libxml2 2.6.5
    cpe:2.3:a:xmlsoft:libxml2:2.6.5
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
exploit-db via4
description libxml 2.6.12 nanoftp Remote Buffer Overflow Proof of Concept Exploit. CVE-2004-0110. Local exploit for linux platform
id EDB-ID:601
last seen 2016-01-31
modified 2004-10-26
published 2004-10-26
reporter infamous41md
source https://www.exploit-db.com/download/601/
title libxml 2.6.12 nanoftp Remote Buffer Overflow Proof of Concept Exploit
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_XML2_266.NASL
    description The following package needs to be updated: libxml2
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12627
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12627
    title FreeBSD : libxml2 stack buffer overflow in URI parsing (208)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2004-650.NASL
    description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory. The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21794
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21794
    title CentOS 3 : libxml (CESA-2004:650)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_9579.NASL
    description This update adds missing patches for a buffer overflow in URL parsing code (CVE-2004-0989) and a buffer overflow while handling DNS responses. (CVE-2004-0110) These bugs can be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41341
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41341
    title SuSE9 Security Update : libxml (YOU Patch Number 9579)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_847ADE05671711D8B321000A95BC6FAE.NASL
    description Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 36421
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36421
    title FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-018.NASL
    description A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code. The updated packages provide a backported fix to correct the problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14118
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14118
    title Mandrake Linux Security Advisory : libxml2 (MDKSA-2004:018)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-650.NASL
    description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory. The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15991
    published 2004-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15991
    title RHEL 2.1 / 3 : libxml (RHSA-2004:650)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-090.NASL
    description Updated libxml2 packages that fix an overflow when parsing remote resources are now available. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12474
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12474
    title RHEL 2.1 / 3 : libxml2 (RHSA-2004:090)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200403-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200403-01 (Libxml2 URI Parsing Buffer Overflow Vulnerabilities) Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096 bytes. Impact : If an attacker is able to exploit an application using libxml2 that parses remote resources, then this flaw could be used to execute arbitrary code. Workaround : No workaround is available; users are urged to upgrade libxml2 to 2.6.6.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 14452
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14452
    title GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8582.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40603
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40603
    title Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8594.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40604
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40604
    title Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_9581.NASL
    description This update fixes a buffer overflow in the DNS handling code (CVE-2004-0110). This bug can be exploited remotely via a DNS server under the control of the attacker.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41342
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41342
    title SuSE9 Security Update : libxml2 (YOU Patch Number 9581)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-455.NASL
    description libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a flaw in libxml, the GNOME XML library. When fetching a remote resource via FTP or HTTP, the library uses special parsing routines which can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml1 or libxml2 that parses remote resources and allows the attacker to craft the URL, then this flaw could be used to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15292
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15292
    title Debian DSA-455-1 : libxml - buffer overflows
oval via4
  • accepted 2013-04-29T04:15:02.176-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    family unix
    id oval:org.mitre.oval:def:11626
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    version 24
  • accepted 2007-04-25T19:52:58.231-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    description Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    family unix
    id oval:org.mitre.oval:def:833
    status deprecated
    submitted 2004-03-20T12:00:00.000-04:00
    title XMLSoft Libxml2 Code Execution Vulnerability
    version 34
  • accepted 2007-04-25T19:53:05.843-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
    family unix
    id oval:org.mitre.oval:def:875
    status accepted
    submitted 2004-02-22T12:00:00.000-04:00
    title XMLSoft Libxml2 Code Execution Vulnerability
    version 33
redhat via4
advisories
  • rhsa
    id RHSA-2004:090
  • rhsa
    id RHSA-2004:091
  • rhsa
    id RHSA-2004:650
refmap via4
bid 9718
bugtraq
  • 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
  • 20040306 TSLSA-2004-0010 - libxml2
cert-vn VU#493966
ciac O-086
confirm http://www.xmlsoft.org/news.html
debian DSA-455
gentoo GLSA-200403-01
secunia 10958
suse SUSE-SR:2005:001
xf
  • libxml2-nanoftp-bo(15302)
  • libxml2-nanohttp-bo(15301)
Last major update 17-10-2016 - 22:40
Published 15-03-2004 - 00:00
Last modified 10-10-2017 - 21:29