exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2008-3281

Status Candidate

Overview

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Related Files

Gentoo Linux Security Advisory 200812-6
Posted Dec 2, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-06 - Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Versions less than 2.7.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3281, CVE-2008-3529, CVE-2008-4225, CVE-2008-4226, CVE-2008-4409
SHA-256 | afea399183d7e4bf5793e6c11d39e7d05e10783db16546041be89900723e4205
VMware Security Advisory 2008-0017
Posted Oct 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
advisories | CVE-2008-3281, CVE-2008-0960, CVE-2008-2327
SHA-256 | 9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09
Mandriva Linux Security Advisory 2008-192
Posted Sep 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue.

tags | advisory, overflow, arbitrary
systems | linux, redhat, mandriva
advisories | CVE-2008-3281, CVE-2008-3529
SHA-256 | 1e3f41aed1bbde242e20d768dd1cd631a00b1b0292f0e84a50929112613e0636
Ubuntu Security Notice 644-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 644-1 - It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-3281, CVE-2008-3281
SHA-256 | 9139e43fe95cb79654a777a5abce41c875cabcb649f86a564afc749503aed326
Ubuntu Security Notice 640-1
Posted Sep 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 640-1 - Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2008-3281
SHA-256 | fd2bd1a56a00f0337d2ecf51a4155529229f544423d9c53fd71025bcbabe33b9
Mandriva Linux Security Advisory 2008-180
Posted Aug 27, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-3281
SHA-256 | 6978e44fa4ec963af815e34d9ca5be4c1c1f19cff96a972b445f68b57fcb7066
Debian Linux Security Advisory 1631-2
Posted Aug 27, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.

tags | advisory
systems | linux, debian
advisories | CVE-2008-3281
SHA-256 | e2c04840497407f72b22d172c8869ca3f0dd0582f1a08719fbb2c6501ff74096
Pardus Linux Security Advisory 2008.28
Posted Aug 26, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory - A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux
advisories | CVE-2008-3281
SHA-256 | 64c355dcce91e0b0f828984ad3723412eb26fdf00f38a5667c4504d985959f28
Debian Linux Security Advisory 1631-1
Posted Aug 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.

tags | advisory
systems | linux, debian
advisories | CVE-2008-3281
SHA-256 | 6c9094554c9bda05ea0527025db2031ca7ecdcbbd3fbd883d35e2efbd4657bd8
Mandriva Linux Security Advisory 2008-180
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-3281
SHA-256 | 0ebde274e431550f35a889527dc2b914d5dea262f2c261477dd76032479d4aaa
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close