ID CVE-2011-1944
Summary Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
References
Vulnerable Configurations
  • XMLSoft Libxml2 2.6.22
    cpe:2.3:a:xmlsoft:libxml2:2.6.22
  • XMLSoft Libxml2 2.6.27
    cpe:2.3:a:xmlsoft:libxml2:2.6.27
  • XMLSoft Libxml2 2.6.26
    cpe:2.3:a:xmlsoft:libxml2:2.6.26
  • XMLSoft Libxml2 2.6.30
    cpe:2.3:a:xmlsoft:libxml2:2.6.30
  • XMLSoft Libxml2 2.6.17
    cpe:2.3:a:xmlsoft:libxml2:2.6.17
  • Xmlsoft Libxml2 2.6.16
    cpe:2.3:a:xmlsoft:libxml2:2.6.16
  • XMLSoft Libxml2 2.6.20
    cpe:2.3:a:xmlsoft:libxml2:2.6.20
  • XMLSoft Libxml2 2.6.18
    cpe:2.3:a:xmlsoft:libxml2:2.6.18
  • XMLSoft Libxml2 2.6.11
    cpe:2.3:a:xmlsoft:libxml2:2.6.11
  • XMLSoft Libxml2 2.6.1
    cpe:2.3:a:xmlsoft:libxml2:2.6.1
  • XMLSoft Libxml2 2.6.0
    cpe:2.3:a:xmlsoft:libxml2:2.6.0
  • XMLSoft Libxml2 2.6.5
    cpe:2.3:a:xmlsoft:libxml2:2.6.5
  • XMLSoft Libxml2 2.6.6
    cpe:2.3:a:xmlsoft:libxml2:2.6.6
  • XMLSoft Libxml2 2.6.3
    cpe:2.3:a:xmlsoft:libxml2:2.6.3
  • XMLSoft Libxml2 2.6.4
    cpe:2.3:a:xmlsoft:libxml2:2.6.4
  • XMLSoft Libxml2 2.6.14
    cpe:2.3:a:xmlsoft:libxml2:2.6.14
  • XMLSoft Libxml2 2.6.32
    cpe:2.3:a:xmlsoft:libxml2:2.6.32
  • XMLSoft Libxml2 2.6.2
    cpe:2.3:a:xmlsoft:libxml2:2.6.2
  • XMLSoft Libxml2 2.6.12
    cpe:2.3:a:xmlsoft:libxml2:2.6.12
  • XMLSoft Libxml2 2.6.13
    cpe:2.3:a:xmlsoft:libxml2:2.6.13
  • XMLSoft Libxml2 2.6.9
    cpe:2.3:a:xmlsoft:libxml2:2.6.9
  • XMLSoft Libxml2 2.6.7
    cpe:2.3:a:xmlsoft:libxml2:2.6.7
  • XMLSoft Libxml2 2.6.8
    cpe:2.3:a:xmlsoft:libxml2:2.6.8
  • XMLSoft Libxml2 2.7.5
    cpe:2.3:a:xmlsoft:libxml2:2.7.5
  • XMLSoft Libxml2 2.7.4
    cpe:2.3:a:xmlsoft:libxml2:2.7.4
  • XMLSoft Libxml2 2.7.7
    cpe:2.3:a:xmlsoft:libxml2:2.7.7
  • XMLSoft Libxml2 2.7.6
    cpe:2.3:a:xmlsoft:libxml2:2.7.6
  • XMLSoft Libxml2 2.7.3
    cpe:2.3:a:xmlsoft:libxml2:2.7.3
  • XMLSoft Libxml2 2.7.2
    cpe:2.3:a:xmlsoft:libxml2:2.7.2
  • XMLSoft Libxml2 2.7.1
    cpe:2.3:a:xmlsoft:libxml2:2.7.1
  • XMLSoft Libxml2 2.7.0
    cpe:2.3:a:xmlsoft:libxml2:2.7.0
  • XMLSoft Libxml2 2.7.8
    cpe:2.3:a:xmlsoft:libxml2:2.7.8
  • cpe:2.3:a:xmlsoft:libxml:1.8.16
    cpe:2.3:a:xmlsoft:libxml:1.8.16
  • cpe:2.3:a:xmlsoft:libxml:1.8.15
    cpe:2.3:a:xmlsoft:libxml:1.8.15
  • cpe:2.3:a:xmlsoft:libxml:1.8.14
    cpe:2.3:a:xmlsoft:libxml:1.8.14
  • cpe:2.3:a:xmlsoft:libxml:1.8.13
    cpe:2.3:a:xmlsoft:libxml:1.8.13
  • cpe:2.3:a:xmlsoft:libxml:1.8.12
    cpe:2.3:a:xmlsoft:libxml:1.8.12
  • cpe:2.3:a:xmlsoft:libxml:1.8.11
    cpe:2.3:a:xmlsoft:libxml:1.8.11
  • cpe:2.3:a:xmlsoft:libxml:1.8.10
    cpe:2.3:a:xmlsoft:libxml:1.8.10
  • cpe:2.3:a:xmlsoft:libxml:1.8.9
    cpe:2.3:a:xmlsoft:libxml:1.8.9
  • cpe:2.3:a:xmlsoft:libxml:1.8.8
    cpe:2.3:a:xmlsoft:libxml:1.8.8
  • cpe:2.3:a:xmlsoft:libxml:1.8.7
    cpe:2.3:a:xmlsoft:libxml:1.8.7
  • cpe:2.3:a:xmlsoft:libxml:1.8.6
    cpe:2.3:a:xmlsoft:libxml:1.8.6
  • cpe:2.3:a:xmlsoft:libxml:1.8.5
    cpe:2.3:a:xmlsoft:libxml:1.8.5
  • cpe:2.3:a:xmlsoft:libxml:1.8.4
    cpe:2.3:a:xmlsoft:libxml:1.8.4
  • cpe:2.3:a:xmlsoft:libxml:1.8.3
    cpe:2.3:a:xmlsoft:libxml:1.8.3
  • cpe:2.3:a:xmlsoft:libxml:1.8.2
    cpe:2.3:a:xmlsoft:libxml:1.8.2
  • cpe:2.3:a:xmlsoft:libxml:1.8.1
    cpe:2.3:a:xmlsoft:libxml:1.8.1
  • cpe:2.3:a:xmlsoft:libxml:1.8.0
    cpe:2.3:a:xmlsoft:libxml:1.8.0
  • cpe:2.3:a:xmlsoft:libxml:1.5.0
    cpe:2.3:a:xmlsoft:libxml:1.5.0
  • cpe:2.3:a:xmlsoft:libxml:1.6.0
    cpe:2.3:a:xmlsoft:libxml:1.6.0
  • cpe:2.3:a:xmlsoft:libxml:1.6.1
    cpe:2.3:a:xmlsoft:libxml:1.6.1
  • cpe:2.3:a:xmlsoft:libxml:1.6.2
    cpe:2.3:a:xmlsoft:libxml:1.6.2
  • cpe:2.3:a:xmlsoft:libxml:1.7.0
    cpe:2.3:a:xmlsoft:libxml:1.7.0
  • cpe:2.3:a:xmlsoft:libxml:1.7.1
    cpe:2.3:a:xmlsoft:libxml:1.7.1
  • cpe:2.3:a:xmlsoft:libxml:1.7.2
    cpe:2.3:a:xmlsoft:libxml:1.7.2
  • cpe:2.3:a:xmlsoft:libxml:1.7.3
    cpe:2.3:a:xmlsoft:libxml:1.7.3
  • cpe:2.3:a:xmlsoft:libxml:1.7.4
    cpe:2.3:a:xmlsoft:libxml:1.7.4
CVSS
Base: 9.3 (as of 24-06-2016 - 12:51)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description libxmlInvalid 2.7.x XPath Multiple Memory Corruption Vulnerabilities. CVE-2011-1944. Remote exploit for linux platform
id EDB-ID:35810
last seen 2016-02-04
modified 2011-05-31
published 2011-05-31
reporter Chris Evans
source https://www.exploit-db.com/download/35810/
title libxmlInvalid 2.7.x XPath Multiple Memory Corruption Vulnerabilities
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7856.NASL
    description This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets). It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-an d-interesting.html It also fixes the broken xpath implementation, which was crashing in the regression test suite on 32-bit architectures and failing some of the tests on all architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 55495
    published 2011-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55495
    title Fedora 14 : libxml-1.8.17-27.fc14 (2011-7856)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBXML2-110629.NASL
    description Specially crafted xml files could crash applications using libxml2 (CVE-2011-1944). This has been fixed.
    last seen 2019-02-21
    modified 2015-01-26
    plugin id 55697
    published 2011-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55697
    title SuSE 11.1 Security Update : libxml2 (SAT Patch Number 4813)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1153-1.NASL
    description Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55168
    published 2011-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55168
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libxml2 vulnerability (USN-1153-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML2-7601.NASL
    description Specially crafted xml files could crash applications using libxml2 (CVE-2011-1944). This has been fixed.
    last seen 2019-02-21
    modified 2015-01-26
    plugin id 55698
    published 2011-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55698
    title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7601)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-002.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59067
    published 2012-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59067
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_JSA10669.NASL
    description According to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library : - A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944) - A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841) - A heap-based buffer overflow vulnerability exists in the 'xmlParseAttValueComplex' function which can result in arbitrary code execution. (CVE-2012-5134) - A denial of service vulnerability exists due to excessive CPU and memory consumption in the processing of XML files containing entity declarations with long replacement text (also known as 'internal entity expansion with linear complexity'). (CVE-2013-0338) - A denial of service vulnerability exists related to the XML_PARSER_EOF state checking. (CVE-2013-2877) These vulnerabilities can be exploited by a remote attacker via a specially crafted XML file.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 80957
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80957
    title Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBXML2-7600.NASL
    description Specially crafted xml files could crash applications using libxml2 (CVE-2011-1944). This has been fixed.
    last seen 2019-02-21
    modified 2015-01-26
    plugin id 57223
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57223
    title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7600)
  • NASL family Gain a shell remotely
    NASL id APPLETV_5_1.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167) - Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution. (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328) - A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution. (CVE-2012-3726) - An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution. (CVE-2012-1173) - A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution. (CVE-2011-4599) - Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution. (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919) - Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution. (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62357
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62357
    title Apple TV < 5.1 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7BE92050A45011E29898001060E06FD4.NASL
    description Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65968
    published 2013-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65968
    title FreeBSD : libxml -- Integer overflow (7be92050-a450-11e2-9898-001060e06fd4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBXML2-110629.NASL
    description Specially crafted xml files could crash applications using libxml2 (CVE-2011-1944).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75935
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75935
    title openSUSE Security Update : libxml2 (openSUSE-SU-2011:0839-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-7820.NASL
    description This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets). It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-an d-interesting.html It also fixes the broken xpath implementation, which was crashing in the regression test suite on 32-bit architectures and failing some of the tests on all architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 55492
    published 2011-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55492
    title Fedora 15 : libxml-1.8.17-27.fc15 (2011-7820)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBXML2-110629.NASL
    description Specially crafted xml files could crash applications using libxml2 (CVE-2011-1944).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75634
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75634
    title openSUSE Security Update : libxml2 (openSUSE-SU-2011:0839-1)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the 'internal entity expansion' with linear complexity issue, that allows specially crafted XML files to consume excessive CPU and memory resources. An unauthenticated, remote attacker can exploit this to cause a denial of service condition by using a specially crafted XML file containing an entity declaration with long replacement text and many references to this entity. (CVE-2013-0338) - An out-of-bounds read error exists in libxml2 within file parser.c due to a failure to check for the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a specially crafted document that ends abruptly, to cause a denial of service condition. (CVE-2013-2877) - A flaw exists within the mod_headers module in the HTTP server which allows bypassing the 'RequestHeader unset' directives. An unauthenticated, remote attacker can exploit this to inject arbitrary headers. This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding. (CVE-2013-5704) - A flaw exists in the dav_xml_get_cdata() function in file main/util.c within the HTTP server mod_dav module due to incorrect stripping of whitespace characters from the CDATA sections. An unauthenticated, remote attacker via a specially crafted DAV WRITE request, can exploit this to cause a denial of service condition. (CVE-2013-6438) - A flaw exists in the log_cookie() function in file mod_log_config.c within the HTTP server mod_log_config module due to improper handling of specially crafted cookies during truncation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition via a segmentation fault. (CVE-2014-0098) - A flaw exists in libxml2, specifically in the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities even when entity substitution is disabled. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML file, to conduct XML External Entity (XXE) attacks that exhaust CPU and memory resources, resulting in a denial of service condition. (CVE-2014-0191) - A race condition exists in the HTTP server within the mod_status module when using a threaded Multi-Processing Module (MPM). If an unauthenticated, remote attacker is able to access status pages served by mod_status, the attacker can exploit this issue, by sending specially crafted requests, to cause the httpd child process to crash or possibly execute arbitrary code with the privileges of the user running the web server. (CVE-2014-0226) - An unspecified flaw exists in the Web Listener subcomponent that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6571) - An unspecified flaw exists in the J2EE subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2015-0372) - An unspecified flaw exists in the Web Listener subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2015-0386)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 81002
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81002
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_4.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59066
    published 2012-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59066
    title Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)
  • NASL family Web Servers
    NASL id HPSMH_7_1_1_1.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities : - The bundled version of the libxml2 library contains multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2011-3379, CVE-2011-4153, CVE-2011-4885, CVE-2012-1823, CVE-2012-0057, CVE-2012-0830) - The bundled version of the Apache HTTP Server contains multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317, CVE-2011-4415, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053) - An issue exists in the 'include/iniset.php' script in the embedded RoundCube Webmail version that could lead to a denial of service. (CVE-2011-4078) - The bundled version of OpenSSL contains multiple vulnerabilities. (CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-1165) - The bundled version of curl and libcurl does not properly consider special characters during extraction of a pathname from a URL. (CVE-2012-0036) - An off autocomplete attribute does not exist for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. (CVE-2012-2012) - An unspecified vulnerability exists that could allow a remote attacker to cause a denial of service, or possibly obtain sensitive information or modify data. (CVE-2012-2013) - An unspecified vulnerability exists related to improper input validation. (CVE-2012-2014) - An unspecified vulnerability allows remote, unauthenticated users to gain privileges and obtain sensitive information. (CVE-2012-2015) - An unspecified vulnerability allows local users to obtain sensitive information via unknown vectors. (CVE-2012-2016)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59851
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59851
    title HP System Management Homepage < 7.1.1 Multiple Vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0008.NASL
    description a. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues. b. Updated ESX Service Console package libxml2 The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 58903
    published 2012-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58903
    title VMSA-2012-0008 : VMware ESX updates to ESX Service Console
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130131_MINGW32_LIBXML2_ON_SL6_X.NASL
    description IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64425
    published 2013-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64425
    title Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0012_REMOTE.NASL
    description The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in the bundled libxml2 library in the xmlXPathNextPrecedingSibling(), xmlNodePtr(), and xmlXPathNextPrecedingInternal() functions due to improper processing of namespaces and attributes nodes. A remote attacker can exploit these, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2010-4008) - Multiple remote code execution vulnerabilities exist in the bundled libxml2 library in the xmlCharEncFirstLineInt() and xmlCharEncInFunc() functions due to an off-by-one overflow condition. A remote attacker can exploit these, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-0216) - A remote code execution vulnerability exists in the bundled libxml2 library due to improper sanitization of user-supplied input when processing an XPath nodeset. A remote attacker can exploit this, via a specially crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2011-1944) - A remote code execution vulnerability exists in the bundled libxml2 library in the xmlXPathCompOpEval() function due to improper processing of invalid XPath expressions. A remote attacker can exploit this, via a specially crafted XSLT stylesheet, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-2834) - A denial of service vulnerability exists in the bundled libxml2 library due to multiple out-of-bounds read errors in parser.c that occur when getting a Stop order. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition. (CVE-2011-3905) - A remote code execution vulnerability exists in the bundled libxml2 library in the xmlStringLenDecodeEntities() function in parser.c due to an overflow condition that occurs when copying entities. A remote attacker can exploit this, via a specially crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2011-3919) - A denial of service vulnerability exists in the bundled libxml2 library due to improper processing of crafted parameters. A remote attacker can exploit this to cause a hash collision, resulting in a denial of service condition. (CVE-2012-0841)
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89037
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89037
    title VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0008_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - COS kernel - libxml2
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89109
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89109
    title VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0217.NASL
    description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64384
    published 2013-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64384
    title CentOS 6 : mingw32-libxml2 (CESA-2013:0217)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13824.NASL
    description lot of security bug fixes Lots of security patches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62324
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62324
    title Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1749.NASL
    description Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. This update also fixes the following bugs : * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. (BZ#732335) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57022
    published 2011-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57022
    title RHEL 6 : libxml2 (RHSA-2011:1749)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-26 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A local or remote attacker may be able to execute arbitrary code with the privileges of the application or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56660
    published 2011-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56660
    title GLSA-201110-26 : libxml2: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111206_LIBXML2_ON_SL6_X.NASL
    description The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Scientific Linux generally does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. This update also fixes the following bugs : - A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61192
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61192
    title Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-131.NASL
    description Multiple vulnerabilities has been discovered and corrected in libxml/libxml2 : Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions (CVE-2011-1944). The updated packages have been patched to correct this issue. Update : Packages were misssing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory which are now being provided.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 56085
    published 2011-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56085
    title Mandriva Linux Security Advisory : libxml (MDVSA-2011:131-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0012.NASL
    description a. ESXi update to third-party component libxml2 The libxml2 third-party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 59966
    published 2012-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59966
    title VMSA-2012-0012 : VMware ESXi update to third-party library
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0217.NASL
    description From Red Hat Security Advisory 2013:0217 : Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68721
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68721
    title Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0217.NASL
    description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64391
    published 2013-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64391
    title RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120111_LIBXML2_ON_SL5_X.NASL
    description The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61217
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61217
    title Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0017.NASL
    description Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57492
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57492
    title RHEL 5 : libxml2 (RHSA-2012:0017)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0017.NASL
    description Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57487
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57487
    title CentOS 5 : libxml2 (CESA-2012:0017)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0017.NASL
    description From Red Hat Security Advisory 2012:0017 : Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68429
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68429
    title Oracle Linux 5 : libxml2 (ELSA-2012-0017)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_764879_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Errors exist in the Libxml2 library functions 'xmlXPathNextPrecedingSibling', 'xmlNodePtr' and 'xmlXPathNextPrecedingInternal' that could allow denial of service attacks or arbitrary code execution. (CVE-2010-4008) - Buffer overflow errors exist in the libxml2 library functions 'xmlCharEncFirstLineInt' and 'xmlCharEncInFunc' that could allow denial of service attacks or arbitrary code execution. (CVE-2011-0216) - A buffer overflow error exists in the libxml2 library file 'xpath.c' related to handling 'XPath' nodesets that could allow denial of service attacks or arbitrary code execution. (CVE-2011-1944) - A double-free error exists in the libxml2 library function 'xmlXPathCompOpEval' related to handling invalid 'XPath' expressions that could allow denial of service attacks or arbitrary code execution. (CVE-2011-2834) - An out-of-bounds read error exists in the libxml2 library file 'parser.c' related to handling 'Stop' orders that could allow denial of service attacks. (CVE-2011-3905) - A buffer overflow error exists in the libxml2 library function 'xmlStringLenDecodeEntities' related to copying entities that could allow denial of service attacks or arbitrary code execution. (CVE-2011-3919) - An error exists in the libxml2 library related to hash collisions that could allow denial of service attacks. (CVE-2012-0841)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 70884
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70884
    title ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13820.NASL
    description Lot of security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62323
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62323
    title Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820)
redhat via4
advisories
  • rhsa
    id RHSA-2011:1749
  • rhsa
    id RHSA-2013:0217
rpms
  • libxml2-0:2.7.6-4.el6
  • libxml2-devel-0:2.7.6-4.el6
  • libxml2-python-0:2.7.6-4.el6
  • libxml2-static-0:2.7.6-4.el6
  • libxml2-0:2.6.26-2.1.12.el5_7.2
  • libxml2-devel-0:2.6.26-2.1.12.el5_7.2
  • libxml2-python-0:2.6.26-2.1.12.el5_7.2
  • mingw32-libxml2-0:2.7.6-6.el6_3
  • mingw32-libxml2-static-0:2.7.6-6.el6_3
refmap via4
apple
  • APPLE-SA-2012-05-09-1
  • APPLE-SA-2012-09-19-1
bid 48056
confirm
debian DSA-2255
fedora FEDORA-2011-7856
hp
  • HPSBMU02786
  • SSRT100877
mandriva MDVSA-2011:131
misc http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
mlist [oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues
osvdb 73248
secunia 44711
suse openSUSE-SU-2011:0839
ubuntu USN-1153-1
the hacker news via4
id THN:B5218A4B6680543EFCCADB0F38E960BF
last seen 2018-01-27
modified 2015-01-21
published 2015-01-21
reporter Mohit Kumar
source https://thehackernews.com/2015/01/java-update-patch-vulnerability.html
title Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities
vmware via4
  • description The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues.
    id VMSA-2012-0008
    last_updated 2012-09-13T00:00:00
    published 2012-04-26T00:00:00
    title Updated ESX Service Console package libxml2
  • description The libxml2 third party library has been updated which addresses multiple security issues
    id VMSA-2012-0012
    last_updated 2012-09-13T00:00:00
    published 2012-07-12T00:00:00
    title ESXi update to third party component libxml2
Last major update 16-06-2016 - 21:59
Published 02-09-2011 - 12:55
Back to Top