Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.

fix for CVE-2008-2935 problem in exslt rc4 crypto extensions

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibly execute arbitrary code with the privileges of the application in question (CVE-2008-2935).

The updated packages have been patched to correct this issue.

Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism.

A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935)

Red Hat would like to thank Chris Evans for reporting this vulnerability.

All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

The remote host is affected by the vulnerability described in GLSA-200808-06 (libxslt: Execution of arbitrary code)

    Chris Evans (Google Security) reported that the libexslt library that     is part of libxslt is affected by a heap-based buffer overflow in the     RC4 encryption/decryption functions.
  Impact :

    A remote attacker could entice a user to process an XML file using a     specially crafted XSLT stylesheet in an application linked against     libxslt, possibly leading to the execution of arbitrary code with the     privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

A heap overflow in the RC4 cryptographic routines in libxslt was fixed which could be used by attackers to potentially execute code.
(CVE-2008-2935)

It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce. (CVE-2008-1767)

Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0649 advisory.

    [1.1.17-2.0.1.el5_2.2]
    - Added libxslt-enterprise.patch and replaced doc/redhat.gif in tarball

    [1.1.17-2.el5_2.2]
    - fix various problems in libexslt RC4 encryption/decryption functions
    - resolves: rhbz#456232

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
33773	Debian DSA-1624-1 : libxslt - buffer overflows	Nessus	Debian Local Security Checks	8/1/2008	1/4/2021	high
33843	Fedora 8 : libxslt-1.1.24-2.fc8 (2008-7029)	Nessus	Fedora Local Security Checks	8/8/2008	1/11/2021	high
33845	Fedora 9 : libxslt-1.1.24-2.fc9 (2008-7062)	Nessus	Fedora Local Security Checks	8/8/2008	1/11/2021	high
36753	Mandriva Linux Security Advisory : libxslt (MDVSA-2008:160)	Nessus	Mandriva Local Security Checks	4/23/2009	1/6/2021	high
43704	CentOS 4 / 5 : libxslt (CESA-2008:0649)	Nessus	CentOS Local Security Checks	1/6/2010	1/4/2021	high
33836	GLSA-200808-06 : libxslt: Execution of arbitrary code	Nessus	Gentoo Local Security Checks	8/7/2008	1/6/2021	high
33784	RHEL 4 / 5 : libxslt (RHSA-2008:0649)	Nessus	Red Hat Local Security Checks	8/1/2008	1/14/2021	high
34076	SuSE 10 Security Update : libxslt (ZYPP Patch Number 5457)	Nessus	SuSE Local Security Checks	9/3/2008	1/14/2021	high
40059	openSUSE Security Update : libxslt (libxslt-110)	Nessus	SuSE Local Security Checks	7/21/2009	1/14/2021	high
33808	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxslt vulnerabilities (USN-633-1)	Nessus	Ubuntu Local Security Checks	8/4/2008	1/19/2021	high
34077	openSUSE 10 Security Update : libxslt (libxslt-5458)	Nessus	SuSE Local Security Checks	9/3/2008	1/14/2021	high
60457	Scientific Linux Security Update : libxslt on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
67734	Oracle Linux 5 : libxslt (ELSA-2008-0649)	Nessus	Oracle Linux Local Security Checks	7/12/2013	10/22/2024	critical

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

high

high

critical