CVE-2004-0989

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xmlsoft:libxml:1.8.17:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.5.11:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.6:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.7:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.8:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.9:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.11:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.12:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.13:::::::*
	cpe:2.3:a:xmlsoft:libxml2:2.6.14:::::::*
	cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.0:::::::*
	cpe:2.3:o:trustix:secure_linux:2.1:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

History

20 Nov 2024, 23:49

Information

Published : 2005-03-01 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0989

Mitre link : CVE-2004-0989

CVE.ORG link : CVE-2004-0989

JSON object : View

Products Affected

xmlstarlet

command_line_xml_toolkit

trustix

secure_linux

ubuntu

ubuntu_linux

xmlsoft

libxml
libxml2

redhat

fedora_core

CWE

NVD-CWE-Other

{"id": "CVE-2004-0989", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-03-01T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109880813013482&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13000", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011941", "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-582", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11179", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11180", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11324", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11526", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173", "source": "cve@mitre.org"}, {"url": "https://www.ubuntu.com/usn/usn-89-1/", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=109880813013482&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/13000", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1011941", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2004/dsa-582", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/11179", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/11180", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/11324", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11526", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ubuntu.com/usn/usn-89-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7C0B552-67E9-48E5-ABFB-AF0CD6DA46FE"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0"}, {"criteria": "cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF12410-9F1E-452C-BAA6-22E73A9FA75C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B"}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA"}, {"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10