CVE-2004-0989

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526 Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526 Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 -
References () http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html - () http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html -
References () http://marc.info/?l=bugtraq&m=109880813013482&w=2 - () http://marc.info/?l=bugtraq&m=109880813013482&w=2 -
References () http://secunia.com/advisories/13000 - () http://secunia.com/advisories/13000 -
References () http://securitytracker.com/id?1011941 - () http://securitytracker.com/id?1011941 -
References () http://www.ciac.org/ciac/bulletins/p-029.shtml - () http://www.ciac.org/ciac/bulletins/p-029.shtml -
References () http://www.debian.org/security/2004/dsa-582 - () http://www.debian.org/security/2004/dsa-582 -
References () http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml - () http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml -
References () http://www.novell.com/linux/security/advisories/2005_01_sr.html - () http://www.novell.com/linux/security/advisories/2005_01_sr.html -
References () http://www.osvdb.org/11179 - () http://www.osvdb.org/11179 -
References () http://www.osvdb.org/11180 - () http://www.osvdb.org/11180 -
References () http://www.osvdb.org/11324 - () http://www.osvdb.org/11324 -
References () http://www.redhat.com/support/errata/RHSA-2004-615.html - () http://www.redhat.com/support/errata/RHSA-2004-615.html -
References () http://www.redhat.com/support/errata/RHSA-2004-650.html - () http://www.redhat.com/support/errata/RHSA-2004-650.html -
References () http://www.securityfocus.com/bid/11526 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/11526 - Exploit, Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 -
References () https://www.ubuntu.com/usn/usn-89-1/ - () https://www.ubuntu.com/usn/usn-89-1/ -

Information

Published : 2005-03-01 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-0989

Mitre link : CVE-2004-0989

CVE.ORG link : CVE-2004-0989


JSON object : View

Products Affected

ubuntu

  • ubuntu_linux

trustix

  • secure_linux

redhat

  • fedora_core

xmlsoft

  • libxml
  • libxml2

xmlstarlet

  • command_line_xml_toolkit