ID CVE-2004-0989
Summary Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml:1.8.17
  • XMLSoft Libxml2 2.5.11
    cpe:2.3:a:xmlsoft:libxml2:2.5.11
  • XMLSoft Libxml2 2.6.6
    cpe:2.3:a:xmlsoft:libxml2:2.6.6
  • XMLSoft Libxml2 2.6.7
    cpe:2.3:a:xmlsoft:libxml2:2.6.7
  • XMLSoft Libxml2 2.6.8
    cpe:2.3:a:xmlsoft:libxml2:2.6.8
  • XMLSoft Libxml2 2.6.9
    cpe:2.3:a:xmlsoft:libxml2:2.6.9
  • XMLSoft Libxml2 2.6.11
    cpe:2.3:a:xmlsoft:libxml2:2.6.11
  • XMLSoft Libxml2 2.6.12
    cpe:2.3:a:xmlsoft:libxml2:2.6.12
  • XMLSoft Libxml2 2.6.13
    cpe:2.3:a:xmlsoft:libxml2:2.6.13
  • XMLSoft Libxml2 2.6.14
    cpe:2.3:a:xmlsoft:libxml2:2.6.14
  • cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1
  • cpe:2.3:o:redhat:fedora_core:core_2.0
  • Trustix Secure Linux 2.0
    cpe:2.3:o:trustix:secure_linux:2.0
  • Trustix Secure Linux 2.1
    cpe:2.3:o:trustix:secure_linux:2.1
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
exploit-db via4
description Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilities. CVE-2004-0989. Remote exploit for linux platform
id EDB-ID:24704
last seen 2016-02-02
modified 2004-10-26
published 2004-10-26
reporter Sean
source https://www.exploit-db.com/download/24704/
title Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_LIBXML_1817_3.NASL
    description The following package needs to be updated: libxml2
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 15805
    published 2004-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15805
    title FreeBSD : libxml -- remote buffer overflows (98)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2004-650.NASL
    description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory. The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21794
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21794
    title CentOS 3 : libxml (CESA-2004:650)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_9579.NASL
    description This update adds missing patches for a buffer overflow in URL parsing code (CVE-2004-0989) and a buffer overflow while handling DNS responses. (CVE-2004-0110) These bugs can be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41341
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41341
    title SuSE9 Security Update : libxml (YOU Patch Number 9579)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-615.NASL
    description An updated libxml2 package that fixes multiple buffer overflows is now available. libxml2 is a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml2, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 15702
    published 2004-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15702
    title RHEL 2.1 / 3 : libxml2 (RHSA-2004:615)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9FF4C91E328C11D9A9E70001020EED82.NASL
    description infamous41md reports that libxml contains multiple buffer overflows in the URL parsing and DNS name resolving functions. These vulnerabilities could lead to execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 38061
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38061
    title FreeBSD : libxml -- remote buffer overflows (9ff4c91e-328c-11d9-a9e7-0001020eed82)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-650.NASL
    description An updated libxml package that fixes multiple buffer overflows is now available. [Updated 24 May 2005] Multilib packages have been added to this advisory. The libxml package contains a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue. Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15991
    published 2004-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15991
    title RHEL 2.1 / 3 : libxml (RHSA-2004:650)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-89-1.NASL
    description Several buffer overflows have been discovered in libxml's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml. This does not affect the core XML parsing code, which is what the majority of programs use this library for. Note: The same vulnerability was already fixed for libxml2 in USN-10-1. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20714
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20714
    title Ubuntu 4.10 : libxml vulnerabilities (USN-89-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-582.NASL
    description 'infamous41md' discovered several buffer overflows in libxml and libxml2, the XML C parser and toolkits for GNOME. Missing boundary checks could cause several buffers to be overflown, which may cause the client to execute arbitrary code. The following vulnerability matrix lists corrected versions of these libraries :
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15680
    published 2004-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15680
    title Debian DSA-582-1 : libxml - buffer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200411-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200411-05 (libxml2: Remotely exploitable buffer overflow) Multiple buffer overflows have been detected in the nanoftp and nanohttp modules. These modules are responsible for parsing URLs with ftp information, and resolving names via DNS. Impact : An attacker could exploit an application that uses libxml2 by forcing it to parse a specially crafted XML file, potentially causing remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 15610
    published 2004-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15610
    title GLSA-200411-05 : libxml2: Remotely exploitable buffer overflow
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8582.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40603
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40603
    title Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-127.NASL
    description Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15638
    published 2004-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15638
    title Mandrake Linux Security Advisory : libxml/libxml2 (MDKSA-2004:127)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8594.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40604
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40604
    title Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-001.NASL
    description The remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 16251
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16251
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-001)
oval via4
  • accepted 2013-04-29T04:06:14.394-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
    family unix
    id oval:org.mitre.oval:def:10505
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
    version 24
  • accepted 2005-08-18T07:37:00.000-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    description Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
    family unix
    id oval:org.mitre.oval:def:1173
    status accepted
    submitted 2005-06-27T12:00:00.000-04:00
    title Multiple Buffer Overflows in libXML2
    version 4
redhat via4
advisories
  • rhsa
    id RHSA-2004:615
  • rhsa
    id RHSA-2004:650
refmap via4
apple APPLE-SA-2005-01-25
bid 11526
bugtraq 20041026 libxml2 remote buffer overflows (not in xml parsing code though)
ciac P-029
conectiva CLA-2004:890
debian DSA-582
gentoo GLSA-200411-05
osvdb
  • 11179
  • 11180
  • 11324
sectrack 1011941
secunia 13000
suse SUSE-SR:2005:001
ubuntu USN-89-1
xf
  • libxml2-nanoftp-file-bo(17872)
  • libxml2-nanohttp-file-bo(17876)
  • libxml2-xmlnanoftpscanproxy-bo(17875)
  • libxml2-xmlnanoftpscanurl-bo(17870)
Last major update 07-12-2016 - 21:59
Published 01-03-2005 - 00:00
Last modified 10-10-2017 - 21:29