ID CVE-2009-2414
Summary Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml:1.8.17
    cpe:2.3:a:xmlsoft:libxml:1.8.17
  • Xmlsoft Libxml2 2.5.10
    cpe:2.3:a:xmlsoft:libxml2:2.5.10
  • Xmlsoft Libxml2 2.6.16
    cpe:2.3:a:xmlsoft:libxml2:2.6.16
  • XMLSoft Libxml2 2.6.26
    cpe:2.3:a:xmlsoft:libxml2:2.6.26
  • XMLSoft Libxml2 2.6.27
    cpe:2.3:a:xmlsoft:libxml2:2.6.27
  • XMLSoft Libxml2 2.6.32
    cpe:2.3:a:xmlsoft:libxml2:2.6.32
CVSS
Base: 4.3 (as of 12-08-2009 - 07:31)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89117
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89117
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5A7D41100B7A11E1846B00235409FD3E.NASL
    description Stack consumption vulnerability allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 56772
    published 2011-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56772
    title FreeBSD : libxml -- Stack consumption vulnerability (5a7d4110-0b7a-11e1-846b-00235409fd3e)
  • NASL family Windows
    NASL id SAFARI_4_0_4.NASL
    description The version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues : - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804) - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. (CVE-2009-2842) - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816) - Multiple issues in WebKit's handling of FTP directory listings may lead to information disclosure, unexpected application termination, or execution of arbitrary code. (CVE-2009-3384)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 42478
    published 2009-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42478
    title Safari < 4.0.4 Multiple Vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_2_0_172_43.NASL
    description The version of Google Chrome installed on the remote host is earlier than 2.0.172.43. Such versions are reportedly affected by multiple issues : - A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935) - The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (Issue #18725) - A stack consumption vulnerability in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2414) - Multiple use-after-free vulnerabilities in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2416)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40778
    published 2009-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40778
    title Google Chrome < 2.0.172.43 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8582.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40603
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40603
    title Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8594.NASL
    description This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40604
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40604
    title Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI4_0_4.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues : - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. (CVE-2009-2842) - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816) - WebKit fails to issue a resource load callback to determine if a resource should be loaded when it encounters an HTML 5 Media Element pointing to an external resource, which could lead to undesired requests to remote servers. (CVE-2009-2841)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 42477
    published 2009-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42477
    title Mac OS X : Apple Safari < 4.0.4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-815-1.NASL
    description It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2008-3529). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40576
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40576
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1206.NASL
    description Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40533
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40533
    title CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8580.NASL
    description two patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40602
    published 2009-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40602
    title Fedora 11 : mingw32-libxml2-2.7.3-2.fc11 (2009-8580)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0016.NASL
    description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 42870
    published 2009-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42870
    title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0018.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79462
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79462
    title OracleVM 2.1 : libxml2 (OVMSA-2009-0018)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1206.NASL
    description From Red Hat Security Advisory 2009:1206 : Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67909
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67909
    title Oracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1859.NASL
    description Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44724
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44724
    title Debian DSA-1859-1 : libxml2 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12504.NASL
    description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41325
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41325
    title SuSE9 Security Update : libxml.rpm (YOU Patch Number 12504)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1861.NASL
    description Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2416 An XML document with specially crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. - CVE-2009-2414 Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44726
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44726
    title Debian DSA-1861-1 : libxml - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090810_LIBXML_AND_LIBXML2_ON_SL3_X.NASL
    description CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provid a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60637
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60637
    title Scientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8491.NASL
    description two patches for parsing problems raised by ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40569
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40569
    title Fedora 10 : libxml2-2.7.3-2.fc10 (2009-8491)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201009-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201009-07 (libxml2: Denial of Service) The following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework: Two use-after-free vulnerabilities are possible when parsing a XML file with Notation or Enumeration attribute types (CVE-2009-2416). A stack consumption vulnerability can be triggered via a large depth of element declarations in a DTD, related to a function recursion (CVE-2009-2414). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 49636
    published 2010-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49636
    title GLSA-201009-07 : libxml2: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBXML-090908.NASL
    description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41004
    published 2009-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41004
    title openSUSE Security Update : libxml (libxml-1278)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML-6482.NASL
    description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51756
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51756
    title SuSE 10 Security Update : libxml (ZYPP Patch Number 6482)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBXML2-090807.NASL
    description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40573
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40573
    title openSUSE Security Update : libxml2 (libxml2-1175)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML2-6405.NASL
    description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42021
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42021
    title openSUSE 10 Security Update : libxml2 (libxml2-6405)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-200.NASL
    description Multiple vulnerabilities has been found and corrected in libxml : Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 40584
    published 2009-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40584
    title Mandriva Linux Security Advisory : libxml (MDVSA-2009:200-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBXML-090908.NASL
    description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41002
    published 2009-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41002
    title openSUSE Security Update : libxml (libxml-1278)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML-6477.NASL
    description This update of libxml does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42020
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42020
    title openSUSE 10 Security Update : libxml (libxml-6477)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBXML2-090807.NASL
    description This update of libxml2 does not use pointers after they were freed anymore. (CVE-2009-2416) Additionally a stack-based buffer overflow was fixed while parsing the root XML document. (CVE-2009-2414)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40575
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40575
    title openSUSE Security Update : libxml2 (libxml2-1175)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8498.NASL
    description two patches for parsing problems raised by Ficora Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40570
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40570
    title Fedora 11 : libxml2-2.7.3-3.fc11 (2009-8498)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1206.NASL
    description Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2414) Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service (application crash). (CVE-2009-2416) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. For Red Hat Enterprise Linux 3, they contain backported patches for the libxml and libxml2 packages. For Red Hat Enterprise Linux 4 and 5, they contain backported patches for the libxml2 packages. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40544
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40544
    title RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)
oval via4
  • accepted 2013-04-29T04:02:01.614-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
    family unix
    id oval:org.mitre.oval:def:10129
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
    version 25
  • accepted 2014-01-20T04:01:41.218-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    • comment VMware ESX Server 4.0 is installed
      oval oval:org.mitre.oval:def:6293
    description Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
    family unix
    id oval:org.mitre.oval:def:8639
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware libxml2 stack consumption vulnerability
    version 7
redhat via4
rpms
  • libxml-1:1.8.17-9.3
  • libxml-devel-1:1.8.17-9.3
  • libxml2-0:2.5.10-15
  • libxml2-devel-0:2.5.10-15
  • libxml2-python-0:2.5.10-15
  • libxml2-0:2.6.16-12.7
  • libxml2-devel-0:2.6.16-12.7
  • libxml2-python-0:2.6.16-12.7
  • libxml2-0:2.6.26-2.1.2.8
  • libxml2-devel-0:2.6.26-2.1.2.8
  • libxml2-python-0:2.6.26-2.1.2.8
refmap via4
apple
  • APPLE-SA-2009-11-09-1
  • APPLE-SA-2009-11-11-1
  • APPLE-SA-2010-06-21-1
bid 36010
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
debian DSA-1859
fedora
  • FEDORA-2009-8491
  • FEDORA-2009-8498
  • FEDORA-2009-8580
misc
mlist [debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion
secunia
  • 35036
  • 36207
  • 36338
  • 36417
  • 36631
  • 37346
  • 37471
suse SUSE-SR:2009:015
ubuntu USN-815-1
vupen
  • ADV-2009-2420
  • ADV-2009-3184
  • ADV-2009-3217
  • ADV-2009-3316
Last major update 24-10-2014 - 01:42
Published 11-08-2009 - 14:30
Last modified 10-10-2018 - 15:40
Back to Top