Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: libxml, denials of service

August 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can create malformed XML data, in order to generate a
denial of service in applications linked to libxml.

Severity: 2/4

Consequences: denial of service of service, denial of service of
client

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 11/08/2009

IMPACTED PRODUCTS

 Debian Linux
 Fedora
 Mandriva Corporate
 Mandriva Enterprise Server
 Mandriva Linux
 Novell Linux Desktop
 Novell Open Enterprise Server
 OpenSUSE
 Red Hat Enterprise Linux
 SUSE Linux Enterprise Server
 Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The libxml/libxml2 library implements a XML parser. It is impacted
by two vulnerabilities.

A malicious DTD document generates an infinite recursion, which
fills the stack, and stop the application. This vulnerability is
different from VIGILANCE-VUL-8926 (https://vigilance.fr/tree/1/8926).
[grav:2/4; CVE-2009-2414]

An XML document, containing Notation and Enumeration attribute
types, forces the usage of freed memory, which stops the
application. [grav:2/4; CVE-2009-2416]

An attacker can therefore create malformed XML data, in order to
generate a denial of service in applications linked to libxml.

CHARACTERISTICS

Identifiers: BID-36010, CVE-2009-2414, CVE-2009-2416, DSA 1859-1,
DSA-1861-1, FEDORA-2009-8491, FEDORA-2009-8498, FEDORA-2009-8580,
FEDORA-2009-8582, FEDORA-2009-8594, FICORA #245608,
MDVSA-2009:200, RHSA-2009:1206-01, SUSE-SR:2009:013,
VIGILANCE-VUL-8930

http://vigilance.fr/vulnerability/libxml-denials-of-service-8930


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts