FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0989

This CVE name corresponds to:

Entered Topic
2004-11-09 libxml -- remote buffer overflows

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0989 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0989
Phase Assigned(20041027)

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

References

Source Reference
BUGTRAQ 20041026 libxml2 remote buffer overflows (not in xml parsing code though)
APPLE APPLE-SA-2005-01-25
CONECTIVA CLA-2004:890
DEBIAN DSA-582
GENTOO GLSA-200411-05
REDHAT RHSA-2004:615
REDHAT RHSA-2004:650
SUSE SUSE-SR:2005:001
UBUNTU USN-89-1
CIAC P-029
BID 11526
OSVDB 11179
OSVDB 11180
OSVDB 11324
OVAL oval:org.mitre.oval:def:1173
OVAL oval:org.mitre.oval:def:10505
SECTRACK 1011941
SECUNIA 13000
XF libxml2-xmlnanoftpscanurl-bo(17870)
XF libxml2-xmlnanoftpscanproxy-bo(17875)
XF libxml2-nanoftp-file-bo(17872)
XF libxml2-nanohttp-file-bo(17876)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.