exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apache Santuario XML Security For C++ Stack Overflow

Apache Santuario XML Security For C++ Stack Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154
SHA-256 | af0afeb75458291b861cf5f636dc2a226e089a6059ccbe7118f0979ffd301af2

Apache Santuario XML Security For C++ Stack Overflow

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A stack overflow, possibly leading to arbitrary code
execution, exists in the processing of malformed XPointer expressions
in the XML Signature Reference processing code.

An attacker could use this to exploit an application performing
signature verification if the application does not block the
evaluation of such references prior to performing the verification
step. The exploit would occur prior to the actual verification of
the signature, so does not require authenticated content.

Mitigation: Applications that do not otherwise prevent the evaluation of
XPointer expressions during signature verification and are using library
versions older than V1.7.1 should upgrade as soon as possible. Distributors
of older versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=r1493959

The first chunk of the patch to DSIGReference.cpp is the relevant portion.

Credit: This issue was reported by James Forshaw, Context Information
Security

References: http://santuario.apache.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBCgAGBQJRv9OYAAoJEDeLhFQCJ3li8IgP/1kbxVPOdSXDqx4ER9oBU877
7Z8XwGw3vL1CUoyt1AWlElqJpgrUMP723fcLWJa3sfXiY6Pnp/+dxfiaoUCAa+OJ
qJS2/TUmc/1EwGc+hawvCJlItuKb7aOHhdPlOX3KuriTHnqnigTXkpF0n5oUd7Md
e0+XOIFcTpoudUUEfdiigBtJHBxv8Jfq3dvjCOD2aOpRCreEBEinykdxdXWX2onw
Ugj7b+FxH/d4eVSYS1vuIxLAVqJpgN4AlVV7kNzyp0ivPE3NgKYb946Kq5YNkYN3
Xj3uq+VW7NxWMzWn/Gl5GEgPGNdzTPVZ80dy/bOIw4dDUtA362axfO24I+Lmrobx
2/JhgeovwCbIrbeMVZOtWeSYoRFSFtf9WxKDVi+9a+53UtZOWCNhky48D9iU2OuA
fxEAeTmDH+Dx23w/bXezwI0X4l2hItBHd4+V59BP7p/90Vu3iBw9jez8lzQXWJ8G
hzUyxCdGN0hB3K+1pOesKTmD1zdy8u3L/FUz91gbB7ciivmvzsx5a5zB3BLzWSJF
3jgAwWaay4DZdL4YmCW3khr5xa05nR0LUqlS3xpTukrWfPqLdjJzBfeeDWWxMGib
N5dPaf+DMB9Q5TmLXb6j3tsEfCS+xqky+ryqsS8rGrrIcL1zW9HAlG+QELAC/t6q
bVctGmNMu7i+o9xXqUJ0
=7xZa
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close