exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2013-0339

Status Candidate

Overview

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
Apple iTunes 11.2.2 Insecure Libraries
Posted Jul 7, 2014
Authored by Stefan Kanthak

Apple iTunes version 11.2.2 for Windows comes with outdated and vulnerable libraries.

tags | advisory
systems | windows, apple
advisories | CVE-2013-0339, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419
SHA-256 | 06dd04f00b24ec800040eaaa5b70fc019fae6203350c787c6d149bfb0721507b
Mandriva Linux Security Advisory 2013-198
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0339, CVE-2013-2877
SHA-256 | 0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791d
Ubuntu Security Notice USN-1904-2
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability, xxe
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877
SHA-256 | 73ee61050460c5c1a204774c868ab1fa47667ad17da81dbf917de23f5248cb36
Ubuntu Security Notice USN-1904-1
Posted Jul 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877, CVE-2013-0339, CVE-2013-2877
SHA-256 | cd859ab9c1529eb842030310fdae2e007f5f2c595e947035ccee976394f0e6e5
Debian Security Advisory 2652-1
Posted Mar 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2652-1 - Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.

tags | advisory
systems | linux, debian
advisories | CVE-2013-0338, CVE-2013-0339
SHA-256 | 04ec56e7cfa9d1647f6ba4df2f17ae024aed83c6e87c37677e43bc3a80341400
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close