
CVE-2008-3281

Status Candidate

Overview

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Related Files

Gentoo Linux Security Advisory 200812-6
Posted Dec 2, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-06 - Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Versions less than 2.7.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3281, CVE-2008-3529, CVE-2008-4225, CVE-2008-4226, CVE-2008-4409
MD5 | bdeaa23fcd3973885c874f66adb24c75
VMware Security Advisory 2008-0017
Posted Oct 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
advisories | CVE-2008-3281, CVE-2008-0960, CVE-2008-2327
MD5 | a65a9972a55e92b7b25ec9b7e2f267a0
Mandriva Linux Security Advisory 2008-192
Posted Sep 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue.

tags | advisory, overflow, arbitrary
systems | linux, redhat, mandriva
advisories | CVE-2008-3281, CVE-2008-3529
MD5 | 98740cdca66db6f5c39538858d6a46e1
Ubuntu Security Notice 644-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 644-1 - It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-3281, CVE-2008-3281
MD5 | 9cb38a073844679e5e1269c1b72f0bf5
Ubuntu Security Notice 640-1
Posted Sep 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 640-1 - Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2008-3281
MD5 | 6db37c29a1720abc184db83b04749719
Mandriva Linux Security Advisory 2008-180
Posted Aug 27, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-3281
MD5 | cee89e63538737ae53aedf3ab3fd7410
Debian Linux Security Advisory 1631-2
Posted Aug 27, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.

tags | advisory
systems | linux, debian
advisories | CVE-2008-3281
MD5 | f024501160502cc01f3a8a6951c7c361
Pardus Linux Security Advisory 2008.28
Posted Aug 26, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory - A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux
advisories | CVE-2008-3281
MD5 | b5d695d395d852aa764c49dbd945acc7
Debian Linux Security Advisory 1631-1
Posted Aug 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.

tags | advisory
systems | linux, debian
advisories | CVE-2008-3281
MD5 | 4e11a0bf3ea05140834d932f3231418d
Mandriva Linux Security Advisory 2008-180
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-3281
MD5 | d020ce82b78a55691be3b77a8258749f
© 2016 Packet Storm. All rights reserved.