Vigil@nce - expat: descriptor leak via readfilemap
April 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite an application linked to expat to use an
invalid XML data source, in order to generate a file descriptor
leak, leading to a denial of service.
Severity: 1/4
Creation date: 28/03/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The expat library is used to analyze XML data.
The filemap() function of the xmlwf/readfilemap.c file reads the
contents of an XML file, and transmits its data to an XML
processor. However, if the file does not exist or is a directory,
the file descriptor which is opened at the beginning of the
function is never closed.
An attacker can therefore invite an application linked to expat to
use an invalid XML data source, in order to generate a file
descriptor leak, leading to a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/expat-descriptor-leak-via-readfilemap-11499