Published: 01/03/2005 Updated: 11/10/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote malicious users to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xmlsoft libxml 1.8.17
xmlsoft libxml2 2.5.11
xmlsoft libxml2 2.6.9
xmlstarlet command line xml toolkit 0.9.1
xmlsoft libxml2 2.6.11
xmlsoft libxml2 2.6.12
xmlsoft libxml2 2.6.13
xmlsoft libxml2 2.6.14
xmlsoft libxml2 2.6.6
xmlsoft libxml2 2.6.7
xmlsoft libxml2 2.6.8
redhat fedora core core_2.0
trustix secure linux 2.0
trustix secure linux 2.1
ubuntu ubuntu linux 4.1

Several buffer overflows have been discovered in libxml’s FTP connection and DNS resolution functions Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml ...

Synopsis libxml security update Type/Severity Security Advisory: Moderate Topic An updated libxml package that fixes multiple buffer overflows is nowavailable[Updated 24 May 2005]Multilib packages have been added to this advisory Description The libxml package contains a library for manipu ...

Synopsis libxml2 security update Type/Severity Security Advisory: Moderate Topic An updated libxml2 package that fixes multiple buffer overflows is nowavailable Description libxml2 is a library for manipulating XML filesMultiple buffer overflow bugs have been found in libxml2 versions pri ...

"infamous41md" discovered several buffer overflows in libxml and libxml2, the XML C parser and toolkits for GNOME Missing boundary checks could cause several buffers to be overflown, which may cause the client to execute arbitrary code The following vulnerability matrix lists corrected versions of these libraries: For the stable distribution (woo ...

source: wwwsecurityfocuscom/bid/11526/info The 'libxml2' library is reported prone to multiple remote stack-based buffer-overflow vulnerabilities caused by insufficient boundary checks Remote attackers may exploit these issues to execute arbitrary code on a vulnerable computer The URI parsing functionality and the DNS name resolving c ...

NVD-CWE-Other http://www.securityfocus.com/bid/11526 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://www.debian.org/security/2004/dsa-582 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html http://www.novell.com/linux/security/advisories/2005_01_sr.html http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 http://marc.info/?l=bugtraq&m=109880813013482&w=2 https://www.ubuntu.com/usn/usn-89-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 https://usn.ubuntu.com/89-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/24704/

CVE-2004-0989

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect