CVE-2008-2935

Published: 01/08/2008 Updated: 11/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 up to and including 1.1.24 allow context-dependent malicious users to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

Vulnerable Product

xmlsoft libxslt 1.1.10

xmlsoft libxslt 1.1.11

xmlsoft libxslt 1.1.19

xmlsoft libxslt 1.1.20

xmlsoft libxslt 1.1.14

xmlsoft libxslt 1.1.15

xmlsoft libxslt 1.1.16

xmlsoft libxslt 1.1.23

xmlsoft libxslt 1.1.24

xmlsoft libxslt 1.1.12

xmlsoft libxslt 1.1.13

xmlsoft libxslt 1.1.21

xmlsoft libxslt 1.1.22

xmlsoft libxslt 1.1.17

xmlsoft libxslt 1.1.18

xmlsoft libxslt 1.1.8

xmlsoft libxslt 1.1.9

Vendor Advisories

Debian Bug report logs - #493162 libxslt11: buffer overflow [CVE-2008-2935] Package: libxslt11; Maintainer for libxslt11 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxslt11 is src:libxslt (PTS, buildd, popcon) Reported by: "brian m carlson" <sandals@crustytoothpaste.ath.cx> ...
It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of service. (CVE-2008-1767) ...
Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.1.19-3. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your libxslt packages ...

Exploits

source: www.securityfocus.com/bid/30467/info The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on th ...

References

CWE-119

http://www.ocert.org/advisories/ocert-2008-009.html

http://www.ocert.org/patches/exslt_crypt.patch

http://www.scary.beasts.org/security/CESA-2008-003.html

http://www.securityfocus.com/bid/30467

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html

http://www.ubuntu.com/usn/usn-633-1

http://secunia.com/advisories/31310

http://security.gentoo.org/glsa/glsa-200808-06.xml

http://secunia.com/advisories/31363

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html

http://www.securitytracker.com/id?1020596

http://www.debian.org/security/2008/dsa-1624

http://www.redhat.com/support/errata/RHSA-2008-0649.html

http://secunia.com/advisories/31230

http://secunia.com/advisories/31395

http://secunia.com/advisories/31331

http://secunia.com/advisories/31399

http://www.mandriva.com/security/advisories?name=MDVSA-2008:160

http://secunia.com/advisories/32453

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306

http://securityreason.com/securityalert/4078

http://www.vupen.com/english/advisories/2008/2266/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/44141

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827

http://www.securityfocus.com/archive/1/497829/100/0/threaded

http://www.securityfocus.com/archive/1/495018/100/0/threaded

http://www.securityfocus.com/archive/1/494976/100/0/threaded

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493162

https://nvd.nist.gov

https://usn.ubuntu.com/633-1/

https://www.exploit-db.com/exploits/32133/