Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-1767
Last Modified 30 Oct 2012 10:55:34
Published 23 May 2008 11:32:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1767

Summary

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

Vulnerable Systems

Operating System

  • Redhat Desktop 3

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux 4.0

  • Redhat Enterprise Linux 5.0

  • Redhat Enterprise Linux Desktop 4

  • Redhat Enterprise Linux Desktop 5

  • Redhat Enterprise Linux Desktop Workstation 5

  • Redhat Linux Advanced Workstation 2.1


References

XF - libxslt-xsl-code-execution(42560)

XF - libxslt-xsl-bo(42560)

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-2094

VUPEN - ADV-2008-1580

UBUNTU - USN-633-1

SECTRACK - 1020071

BID - 31681

BID - 29312

REDHAT - RHSA-2008:0287

SUSE - SUSE-SR:2008:013

MANDRIVA - MDVSA-2008:151

CONFIRM - http://support.apple.com/kb/HT3298

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 32222

SECUNIA - 31363

SECUNIA - 31074

SECUNIA - 30717

SECUNIA - 30323

SECUNIA - 30315

APPLE - APPLE-SA-2008-10-09

APPLE - APPLE-SA-2008-07-11

APPLE - APPLE-SA-2008-11-13

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=527297

DEBIAN - DSA-1589

GENTOO - GLSA-200806-02

SECUNIA - 30521

SECUNIA - 30393

SECUNIA - 32706

Related Patches

Apple 2008-10-09 Security Update 2008-007 Client (PPC)

Apple 2008-10-09 Security Update 2008-007 Server (PPC)

Apple 2008-10-09 Security Update 2008-007 Client (Intel)

Apple 2008-10-09 Security Update 2008-007 Server (Universal)

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)

Apple 2008-10-09 Security Update 2008-007 Client (Leopard)


Last Updated: 27 May 2016 10:47:18