User: Password:
|
|
Subscribe / Log in / New account

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 libxml 2009-08-15
Fedora FEDORA-2009-8582 libxml 2009-08-15
Fedora-Legacy FLSA:1324 libxml2 2004-07-19
Conectiva CLA-2004:836 libxml2 2004-03-31
Gentoo 200403-01 libxml2 2004-03-06
Trustix TSLSA-2004-0010 libxml2 2004-03-05
OpenPKG OpenPKG-SA-2004.003 libxml 2004-03-05
Netwosix NW-2004-0004 libxml2 2004-03-04
Debian DSA-455-1 libxml 2004-03-03
Mandrake MDKSA-2004:018 libxml2 2004-03-03
Red Hat RHSA-2004:091-02 libxml2 2004-03-03
Whitebox WBSA-2004:090-01 libxml2 2004-03-01
Red Hat RHSA-2004:090-01 Cross 2004-02-26
Fedora FEDORA-2004-087 libxml2 2004-02-25
Red Hat RHSA-2004:091-01 libxml2 2004-02-26

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds