Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

This update fixes a buffer overflow in the DNS handling code (CVE-2004-0110). This bug can be exploited remotely via a DNS server under the control of the attacker.

This update adds missing patches for a buffer overflow in URL parsing code (CVE-2004-0989) and a buffer overflow while handling DNS responses. (CVE-2004-0110)

These bugs can be exploited remotely to execute arbitrary code.

This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents.

An updated libxml package that fixes multiple buffer overflows is now available.

[Updated 24 May 2005] Multilib packages have been added to this advisory

The libxml package contains a library for manipulating XML files.

Multiple buffer overflow bugs have been found in libxml versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to an application that uses the vulnerable functions of libxml, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it could be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0989 to this issue.

Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue.

All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi (Si Xi  Yu [?] ) discovered a flaw in libxml, the GNOME XML library. When fetching a remote resource via FTP or HTTP, the library uses special parsing routines which can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml1 or libxml2 that parses remote resources and allows the attacker to craft the URL, then this flaw could be used to execute arbitrary code.

The remote host is affected by the vulnerability described in GLSA-200403-01 (Libxml2 URI Parsing Buffer Overflow Vulnerabilities)

    Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
    When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2     uses parsing routines that can overflow a buffer caused by improper bounds     checking if they are passed a URL longer than 4096 bytes.
  Impact :

    If an attacker is able to exploit an application using libxml2 that parses     remote resources, then this flaw could be used to execute arbitrary code.
  Workaround :

    No workaround is available; users are urged to upgrade libxml2 to 2.6.6.

A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code.

The updated packages provide a backported fix to correct the problem.

Updated libxml2 packages that fix an overflow when parsing remote resources are now available.

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0110 to this issue.

All users are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to this issue.

ID	Name	Product	Family	Severity
41342	SuSE9 Security Update : libxml2 (YOU Patch Number 9581)	Nessus	SuSE Local Security Checks	high
41341	SuSE9 Security Update : libxml (YOU Patch Number 9579)	Nessus	SuSE Local Security Checks	critical
40604	Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594)	Nessus	Fedora Local Security Checks	critical
40603	Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582)	Nessus	Fedora Local Security Checks	critical
36421	FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)	Nessus	FreeBSD Local Security Checks	high
21794	CentOS 3 : libxml (CESA-2004:650)	Nessus	CentOS Local Security Checks	critical
15991	RHEL 2.1 / 3 : libxml (RHSA-2004:650)	Nessus	Red Hat Local Security Checks	critical
15292	Debian DSA-455-1 : libxml - buffer overflows	Nessus	Debian Local Security Checks	high
14452	GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities	Nessus	Gentoo Local Security Checks	high
14118	Mandrake Linux Security Advisory : libxml2 (MDKSA-2004:018)	Nessus	Mandriva Local Security Checks	high
12474	RHEL 2.1 / 3 : libxml2 (RHSA-2004:090)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2004-0110

critical

Tenable Plugins

high

critical

critical

critical

high

critical

critical

high

high

high

high