Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0110

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0110
Last Modified 21 Aug 2010 12:19:35
Published 15 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0110

Summary

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

Vulnerable Systems

Application

  • Sgi Propack 2.3

  • Sgi Propack 2.4

  • Xmlsoft Libxml 1.8.17

  • Xmlsoft Libxml2 2.4.19

  • Xmlsoft Libxml2 2.4.23

  • Xmlsoft Libxml2 2.5.10

  • Xmlsoft Libxml2 2.5.11

  • Xmlsoft Libxml2 2.5.4

  • Xmlsoft Libxml2 2.6.0

  • Xmlsoft Libxml2 2.6.1

  • Xmlsoft Libxml2 2.6.2

  • Xmlsoft Libxml2 2.6.3

  • Xmlsoft Libxml2 2.6.4

  • Xmlsoft Libxml2 2.6.5


References

CERT-VN - VU#493966

XF - libxml2-nanohttp-bo(15301)

BID - 9718

REDHAT - RHSA-2004:090

BUGTRAQ - 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)

XF - libxml2-nanoftp-bo(15302)

REDHAT - RHSA-2004:091

DEBIAN - DSA-455

CIAC - O-086

GENTOO - GLSA-200403-01

SECUNIA - 10958

CONFIRM - http://www.xmlsoft.org/news.html

REDHAT - RHSA-2004:650

SUSE - SUSE-SR:2005:001

BUGTRAQ - 20040306 TSLSA-2004-0010 - libxml2


Last Updated: 27 May 2016 10:38:28