Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: libxml2, buffer overflow via an entity

September 2008 by Vigil@nce

SYNTHESIS

An attacker can create a malformed XML file in order to create a denial of service or code execution when it is analyzed by libxml2.

Gravity: 3/4

Consequences: user access/rights, denial of service of service

Provenance: document

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 12/09/2008

Identifier: VIGILANCE-VUL-8106

IMPACTED PRODUCTS

- Mandriva Corporate [confidential versions]
- Mandriva Linux [confidential versions]
- Red Hat Enterprise Linux [confidential versions]
- Unix - plateform

DESCRIPTION

The libxml2 library implements features to handle data in XML format.

An XML file can contain special characters represented as entities, such as "<".

The xmlParseAttValueComplex() function of parser.c file analyzes entities contained in the value of an attribute. The replaceEntities field of the _xmlParserCtxt structure indicates if entities have to be converted or not.

When entities are not converted, and if an entity is unknown, it is simply copied in the output array. However, the array size is not extended to contain this entity.

An attacker can therefore use a long entity in order to generate an overflow leading to a denial of service or to code execution.

CHARACTERISTICS

Identifiers: 461015, BID-31126, CVE-2008-3529, MDVSA-2008:192, RHSA-2008:0884-01, RHSA-2008:0886-01, VIGILANCE-VUL-8106

https://vigilance.aql.fr/tree/1/8106




See previous articles

    

See next articles