Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: libxml, denials of service

August 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can create malformed XML data, in order to generate a denial of service in applications linked to libxml.

Severity: 2/4

Consequences: denial of service of service, denial of service of client

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 11/08/2009

IMPACTED PRODUCTS

- Debian Linux
- Fedora
- Mandriva Corporate
- Mandriva Enterprise Server
- Mandriva Linux
- Novell Linux Desktop
- Novell Open Enterprise Server
- OpenSUSE
- Red Hat Enterprise Linux
- SUSE Linux Enterprise Server
- Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The libxml/libxml2 library implements a XML parser. It is impacted by two vulnerabilities.

A malicious DTD document generates an infinite recursion, which fills the stack, and stop the application. This vulnerability is different from VIGILANCE-VUL-8926 (https://vigilance.fr/tree/1/8926). [grav:2/4; CVE-2009-2414]

An XML document, containing Notation and Enumeration attribute types, forces the usage of freed memory, which stops the application. [grav:2/4; CVE-2009-2416]

An attacker can therefore create malformed XML data, in order to generate a denial of service in applications linked to libxml.

CHARACTERISTICS

Identifiers: BID-36010, CVE-2009-2414, CVE-2009-2416, DSA 1859-1, DSA-1861-1, FEDORA-2009-8491, FEDORA-2009-8498, FEDORA-2009-8580, FEDORA-2009-8582, FEDORA-2009-8594, FICORA #245608, MDVSA-2009:200, RHSA-2009:1206-01, SUSE-SR:2009:013, VIGILANCE-VUL-8930

http://vigilance.fr/vulnerability/l...




See previous articles

    

See next articles