Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6284

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6284
Last Modified 07 Mar 2011 10:02:19
Published 11 Jan 2008 09:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6284

Summary

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Vulnerable Systems

Operating System

  • Debian Linux 3.1

  • Debian Linux 4.0

  • Mandrakesoft Mandrake Linux 2007

  • Mandrakesoft Mandrake Linux 2007.1

  • Mandrakesoft Mandrake Linux 2008.0

  • Mandrakesoft Mandrake Linux Corporate Server 3.0

  • Mandrakesoft Mandrake Linux Corporate Server 4.0

  • Redhat Fedora 7

  • Redhat Fedora 8


References

REDHAT - RHSA-2008:0032

FEDORA - FEDORA-2008-0477

FEDORA - FEDORA-2008-0462

CONFIRM - https://issues.rpath.com/browse/RPL-2121

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=425927

CONFIRM - http://www.xmlsoft.org/news.html

VUPEN - ADV-2008-2094

VUPEN - ADV-2008-1033

VUPEN - ADV-2008-0144

VUPEN - ADV-2008-0117

UBUNTU - USN-569-1

BID - 27248

BUGTRAQ - 20080115 rPSA-2008-0017-1 libxml2

SUSE - SUSE-SR:2008:002

MANDRIVA - MDVSA-2008:010

DEBIAN - DSA-1461

SUNALERT - 103201

SECTRACK - 1019181

GENTOO - GLSA-200801-20

SECUNIA - 31074

SECUNIA - 28716

SECUNIA - 28636

SECUNIA - 28475

SECUNIA - 28470

SECUNIA - 28466

SECUNIA - 28458

SECUNIA - 28452

SECUNIA - 28450

SECUNIA - 28444

SECUNIA - 28439

APPLE - APPLE-SA-2008-07-11

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=202628

BUGTRAQ - 20080329 VMSA-2008-0006 Updated libxml2 service console package

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm

SUNALERT - 201514

SECUNIA - 29591

SECUNIA - 28740

MLIST - [Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package


Last Updated: 27 May 2016 10:46:26