exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2012-0876

Status Candidate

Overview

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Related Files

Slackware Security Advisory - python Updates
Posted May 5, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063, CVE-2017-9233, CVE-2018-1060, CVE-2018-1061
SHA-256 | cfec0d0baa4a36e1ae04f7f639de9cf2a3c468c972d456d4bc85ac32ebd1efec
Red Hat Security Advisory 2016-0062-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2013-5704, CVE-2015-3183
SHA-256 | 1636a44af0501528e041cd74d9e0faab81917561cfbed4a1bef6268292d7e47c
Apple Security Advisory 2015-12-08-3
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063
SHA-256 | 78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92
Ubuntu Security Notice USN-1613-2
Posted Oct 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1613-2 - USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148
SHA-256 | 03c1d61f1a7fd46df33c2cd303dd9df766d417bf63c2774bc68e006f265282de
Ubuntu Security Notice USN-1613-1
Posted Oct 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1613-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148
SHA-256 | c13b76291797c5dc6f6323302b6fdfb272dd24cd1b617c855c76a194beaf1ed9
Gentoo Linux Security Advisory 201209-06
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-6 - Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service. Versions less than 2.1.0_beta3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3560, CVE-2009-3720, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148
SHA-256 | 822ec539973278a040496a2f65af0dd1463e48af5d213341fb183708ba1cc60d
Ubuntu Security Notice USN-1527-2
Posted Sep 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1527-2 - USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2012-0876, CVE-2012-1148
SHA-256 | 77e4cdf3916d0a3eaf18bb43b6c4ac9ccc99707ff8d1c509b50defe8afe47337
Ubuntu Security Notice USN-1527-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1527-1 - It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2012-0876, CVE-2012-1148
SHA-256 | c3584e3aa4d3cbb82dcc486580cc91f457a48e7ca032d71f17b0d2dc8c8edb29
Debian Security Advisory 2525-1
Posted Aug 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.

tags | advisory, denial of service, memory leak
systems | linux, debian
advisories | CVE-2012-0876, CVE-2012-1148
SHA-256 | 848c3eb00844f54221e2042582ec3fba9c8596a608dd661ee1ed3f8fdc13fcb6
Mandriva Linux Security Advisory 2012-096-1
Posted Jul 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the.pypirc file. Various other issues were also addressed.

tags | advisory, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | 6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Mandriva Linux Security Advisory 2012-097
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-097 - Multiple vulnerabilities has been discovered and corrected in python. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | ea9f72137a552f0a45271fbb9a2d3f3aee9113cb46971ef47821e194f3b4801e
Mandriva Linux Security Advisory 2012-096
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133c
Red Hat Security Advisory 2012-0731-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0731-01 - Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted.

tags | advisory, denial of service, memory leak
systems | linux, redhat
advisories | CVE-2012-0876, CVE-2012-1148
SHA-256 | 394a7f79bd3236ad5f7df42375d2085ac2e3d0a734d4ee58e5ffc4674295dd95
Mandriva Linux Security Advisory 2012-041
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2012-0876, CVE-2012-1148
SHA-256 | d14554c5903aec074d1a23f535fe5ef1b64473aeed5e24680db002cbdc78d94c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close