CVE-2004-0989

Current Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Basic Data

PublishedMarch 01, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationXmlsoftLibxml1.8.17*******
    2.3ApplicationXmlsoftLibxml22.5.11*******
    2.3ApplicationXmlsoftLibxml22.6.6*******
    2.3ApplicationXmlsoftLibxml22.6.7*******
    2.3ApplicationXmlsoftLibxml22.6.8*******
    2.3ApplicationXmlsoftLibxml22.6.9*******
    2.3ApplicationXmlsoftLibxml22.6.11*******
    2.3ApplicationXmlsoftLibxml22.6.12*******
    2.3ApplicationXmlsoftLibxml22.6.13*******
    2.3ApplicationXmlsoftLibxml22.6.14*******
    2.3ApplicationXmlstarletCommand Line Xml Toolkit0.9.1*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatFedora Corecore_2.0*******
    2.3OSTrustixSecure Linux2.0*******
    2.3OSTrustixSecure Linux2.1*******
    2.3OSUbuntuUbuntu Linux4.1*ia64*****
    2.3OSUbuntuUbuntu Linux4.1*ppc*****

Vulnerable Software List

VendorProductVersions
Xmlsoft Libxml2 2.5.11, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.6, 2.6.7, 2.6.8, 2.6.9
Xmlsoft Libxml 1.8.17
Redhat Fedora Core core_2.0
Ubuntu Ubuntu Linux 4.1
Xmlstarlet Command Line Xml Toolkit 0.9.1
Trustix Secure Linux 2.0, 2.1

References

NameSourceURLTags
CLA-2004:890http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890CONECTIVA
APPLE-SA-2005-01-25http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.htmlAPPLE
20041026 libxml2 remote buffer overflows (not in xml parsing code though)http://marc.info/?l=bugtraq&m=109880813013482&w=2BUGTRAQ
13000http://secunia.com/advisories/13000SECUNIA
1011941http://securitytracker.com/id?1011941SECTRACK
P-029http://www.ciac.org/ciac/bulletins/p-029.shtmlCIAC
DSA-582http://www.debian.org/security/2004/dsa-582DEBIAN
GLSA-200411-05http://www.gentoo.org/security/en/glsa/glsa-200411-05.xmlGENTOO
SUSE-SR:2005:001http://www.novell.com/linux/security/advisories/2005_01_sr.htmlSUSE
11179http://www.osvdb.org/11179OSVDB
11180http://www.osvdb.org/11180OSVDB
11324http://www.osvdb.org/11324OSVDB
RHSA-2004:615http://www.redhat.com/support/errata/RHSA-2004-615.htmlREDHAT
RHSA-2004:650http://www.redhat.com/support/errata/RHSA-2004-650.htmlREDHAT
11526http://www.securityfocus.com/bid/11526BIDExploit Patch Vendor Advisory
libxml2-xmlnanoftpscanurl-bo(17870)https://exchange.xforce.ibmcloud.com/vulnerabilities/17870XF
libxml2-nanoftp-file-bo(17872)https://exchange.xforce.ibmcloud.com/vulnerabilities/17872XF
libxml2-xmlnanoftpscanproxy-bo(17875)https://exchange.xforce.ibmcloud.com/vulnerabilities/17875XF
libxml2-nanohttp-file-bo(17876)https://exchange.xforce.ibmcloud.com/vulnerabilities/17876XF
oval:org.mitre.oval:def:10505https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505OVAL
oval:org.mitre.oval:def:1173https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173OVAL
USN-89-1https://www.ubuntu.com/usn/usn-89-1/UBUNTU