what you don't know can hurt you

Apache Santuario XML Security For C++ Heap Overflow

Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 27, 2013
Authored by Jon Erickson

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154, CVE-2013-2210
MD5 | 94f3d21daa75c010adc2c62206b9ca7d

Apache Santuario XML Security For C++ Heap Overflow

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.2

Description: The attempted fix to address CVE-2013-2154 introduced the
possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code.

An attacker could use this to exploit an application performing
signature verification if the application does not block the
evaluation of such references prior to performing the verification
step. The exploit would occur prior to the actual verification of
the signature, so does not require authenticated content.

Mitigation: Applications that do not otherwise prevent the evaluation of
XPointer expressions during signature verification and are using library
versions older than V1.7.2 should upgrade as soon as possible. Distributors
of older versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=r1496703

Credit: This issue was reported by Jon Erickson of iSIGHT Partners Labs

References:
http://santuario.apache.org/
http://santuario.apache.org/secadv.data/CVE-2013-2154.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBCgAGBQJRy4zwAAoJEDeLhFQCJ3lin88QALve0Q1GXUQMQsJeqpS2IKI0
FUHhlVhOBVUOjhT3Q1+TfXHqTubJ6Rb6sAhPHB1YzKkeJwyWcRVKi4/1AVGcp3Nq
e1fBNz3zrLQpYyjkmoPxUv/SADRtn8mbED1/WAJ2K3iQJ951FWkDpC8MTJhlJBEJ
FUh6hXMZJpiA4KGidsAJDpvsqZhOAUKDwxD7s0rdmadc+/dB2PigDXcJxgdG9Dz3
eQYS+UkvhUCAIU8TxJaCqEECGYAe015AikbroMHUdhmNsP4otke2HOBz1xcs8YCb
KyNlm0HmQ7S4Qv0UEeAyCzHXITAw7lRD5tp7/y9ZcHbLPZHAgMtFmcup5O7/xrVb
h9Mh+uZ1C2atEPd/ME3/JqNDSAzxcT+Wa3SEQrnQXUVfpomE3Pztg3EUYPL8x/ln
WO+pobIyTMPTEQ1rTI3LPliG8JDU4QS1HY+VQzlspNsVF2buDrOprgKAYx3MWnz3
/YvThnNNumXx7EjX/KN5RVmLavWSfJSGk725dYcaePAtLNIBHIWbkvZitsJSlrg7
0mTj8eAza79/UYWaWyz0zzd1y5bYq0m582hwSI9r45hdB32agvi5IqkAxhswBHTk
B2xga2QZynAmJGHBmvPXq8fmwFw7VOZ6H+M55fNCHnb4XA96OZGb5+aZCRX2m5+X
Gf+o5DTdMpinSzoT2ax2
=hZu/
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close