ID CVE-2009-0585
Summary Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
References
Vulnerable Configurations
  • cpe:2.3:a:joe_shaw:libsoup:2.1
    cpe:2.3:a:joe_shaw:libsoup:2.1
  • cpe:2.3:a:joe_shaw:libsoup:2.23.1
    cpe:2.3:a:joe_shaw:libsoup:2.23.1
  • cpe:2.3:a:joe_shaw:libsoup:2.23.6
    cpe:2.3:a:joe_shaw:libsoup:2.23.6
  • cpe:2.3:a:joe_shaw:libsoup:2.23.91
    cpe:2.3:a:joe_shaw:libsoup:2.23.91
  • cpe:2.3:a:joe_shaw:libsoup:2.23.92
    cpe:2.3:a:joe_shaw:libsoup:2.23.92
CVSS
Base: 7.5 (as of 15-03-2009 - 10:15)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-081.NASL
    description An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0585). This update provides the fix for that security issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37334
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37334
    title Mandriva Linux Security Advisory : libsoup (MDVSA-2009:081)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1748.NASL
    description It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35980
    published 2009-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35980
    title Debian DSA-1748-1 : libsoup - integer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0344.NASL
    description Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All users of libsoup and evolution28-libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35944
    published 2009-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35944
    title RHEL 4 / 5 : libsoup (RHSA-2009:0344)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090316_LIBSOUP_ON_SL4_X.NASL
    description An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60547
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60547
    title Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBSOUP-6223.NASL
    description Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 41551
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41551
    title SuSE 10 Security Update : libsoup (ZYPP Patch Number 6223)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12411.NASL
    description Large strings could lead to a heap overflow in the base64 encoding and decoding functions. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-0585)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41297
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41297
    title SuSE9 Security Update : libsoup (YOU Patch Number 12411)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-737-1.NASL
    description It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38092
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38092
    title Ubuntu 6.06 LTS / 7.10 : libsoup vulnerability (USN-737-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0344.NASL
    description Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All users of libsoup and evolution28-libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38892
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38892
    title CentOS 4 : libsoup (CESA-2009:0344)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0344.NASL
    description From Red Hat Security Advisory 2009:0344 : Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All users of libsoup and evolution28-libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 67822
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67822
    title Oracle Linux 4 / 5 : libsoup (ELSA-2009-0344)
oval via4
accepted 2013-04-29T04:20:33.613-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
family unix
id oval:org.mitre.oval:def:9599
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
version 24
redhat via4
advisories
bugzilla
id 488026
title CVE-2009-0585 libsoup: integer overflow in soup_base64_encode()
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment libsoup is earlier than 0:2.2.1-4.el4.1
          oval oval:com.redhat.rhsa:tst:20090344002
        • comment libsoup is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090344003
      • AND
        • comment libsoup-devel is earlier than 0:2.2.1-4.el4.1
          oval oval:com.redhat.rhsa:tst:20090344004
        • comment libsoup-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090344005
      • AND
        • comment evolution28-libsoup is earlier than 0:2.2.98-5.el4.1
          oval oval:com.redhat.rhsa:tst:20090344006
        • comment evolution28-libsoup is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090344007
      • AND
        • comment evolution28-libsoup-devel is earlier than 0:2.2.98-5.el4.1
          oval oval:com.redhat.rhsa:tst:20090344008
        • comment evolution28-libsoup-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090344009
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libsoup is earlier than 0:2.2.98-2.el5_3.1
          oval oval:com.redhat.rhsa:tst:20090344011
        • comment libsoup is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090344012
      • AND
        • comment libsoup-devel is earlier than 0:2.2.98-2.el5_3.1
          oval oval:com.redhat.rhsa:tst:20090344013
        • comment libsoup-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090344014
rhsa
id RHSA-2009:0344
released 2009-03-16
severity Moderate
title RHSA-2009:0344: libsoup security update (Moderate)
rpms
  • libsoup-0:2.2.1-4.el4.1
  • libsoup-devel-0:2.2.1-4.el4.1
  • evolution28-libsoup-0:2.2.98-5.el4.1
  • evolution28-libsoup-devel-0:2.2.98-5.el4.1
  • libsoup-0:2.2.98-2.el5_3.1
  • libsoup-devel-0:2.2.98-2.el5_3.1
refmap via4
bid 34100
bugtraq 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm
debian DSA-1748
mandriva MDVSA-2009:081
misc
mlist [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
secunia
  • 34310
  • 34337
  • 34401
  • 35065
suse SUSE-SR:2009:010
ubuntu USN-737-1
xf libsoup-soupmisc-bo(49273)
Last major update 21-08-2010 - 01:30
Published 14-03-2009 - 14:30
Last modified 10-10-2018 - 15:29
Back to Top