Detections
Analytics
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)
medium Nessus Plugin ID 80687
Language:
Synopsis
The remote Solaris system is missing a security patch for third-party software.Description
The remote Solaris system is missing necessary patches to address security updates :- libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
(CVE-2010-4008)
Solution
Upgrade to Solaris 11/11 SRU 10.5.See Also
http://www.nessus.org/u?4a913f44
https://blogs.oracle.com/sunsecurity/cve-2010-4008-denial-of-service-dos-vulnerability-in-libxml2
Plugin Details
Severity: Medium
ID: 80687
File Name: solaris11_libxml2_20120821.nasl
Version: 1.4
Type: local
Family: Solaris Local Security Checks
Published: 1/19/2015
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:oracle:solaris:11.0, p-cpe:/a:oracle:solaris:libxml2
Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list
Patch Publication Date: 8/21/2012
Reference Information
CVE: CVE-2010-4008