Vigil@nce: expat, denial of service via XML
December 2009 by Vigil@nce
An attacker can create XML data containing a malicious character,
in order to create a denial of service in expat.
Severity: 2/4
Consequences: denial of service of service, denial of service of
client
Provenance: document
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 09/12/2009
IMPACTED PRODUCTS
– Debian Linux
– Fedora
– Mandriva Corporate
– Mandriva Enterprise Server
– Mandriva Linux
– Mandriva Multi Network Firewall
– OpenSolaris
– OpenSUSE
– Red Hat Enterprise Linux
– Sun Solaris
– SUSE Linux Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The expat library manages XML data.
In UTF-8 encoding, a character can be encoded with several bytes.
When XML data ends in the middle of these bytes, the
lib/xmltok_impl.c file tries to read after the end of data.
An attacker can therefore create XML data containing a malicious
character, in order to create a denial of service in applications
using expat.
CHARACTERISTICS
Identifiers: 273630, 6905480, BID-35988, BID-36097, CVE-2009-3720,
DSA 1921-1, ERR-2009-2625, FEDORA-2009-10949, FEDORA-2009-10956,
FEDORA-2009-10972, FEDORA-2009-10987, FEDORA-2009-11029,
FEDORA-2009-11030, MDVSA-2009:211, MDVSA-2009:211-1,
MDVSA-2009:212, MDVSA-2009:212-1, MDVSA-2009:213,
MDVSA-2009:213-1, MDVSA-2009:214, MDVSA-2009:215,
MDVSA-2009:215-1, MDVSA-2009:217-3, MDVSA-2009:218,
MDVSA-2009:218-1, MDVSA-2009:219, MDVSA-2009:219-1,
MDVSA-2009:220, RHSA-2009:1572-02, RHSA-2009:1625-01,
SUSE-SR:2009:018, VIGILANCE-VUL-9250
Pointed by: VIGILANCE-VUL-8925, VIGILANCE-VUL-9251
http://vigilance.fr/vulnerability/expat-denial-of-service-via-XML-9250