Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-3529
Last Modified: 07 Mar 2011 10:10:56
Published: 12 Sep 2008 12:56:20
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3529

Summary

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Vulnerable Systems

Application

  • Xmlsoft Libxml2 2.4.30

  • Xmlsoft Libxml2 2.5.7

  • Xmlsoft Libxml2 2.5.8

  • Xmlsoft Libxml2 2.6.11

  • Xmlsoft Libxml2 2.6.13

  • Xmlsoft Libxml2 2.6.14

  • Xmlsoft Libxml2 2.6.16

  • Xmlsoft Libxml2 2.6.17

  • Xmlsoft Libxml2 2.6.18

  • Xmlsoft Libxml2 2.6.20

  • Xmlsoft Libxml2 2.6.22

  • Xmlsoft Libxml2 2.6.27

  • Xmlsoft Libxml2 2.6.30

  • Xmlsoft Libxml2 2.6.6

  • Xmlsoft Libxml2 2.6.9


References

CERT - TA09-133A

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=461015

MISC - http://xmlsoft.org/news.html

XF - libxml2-entitynames-bo(45085)

VUPEN - ADV-2009-1621

VUPEN - ADV-2009-1522

VUPEN - ADV-2009-1298

VUPEN - ADV-2009-1297

VUPEN - ADV-2008-2822

UBUNTU - USN-644-1

UBUNTU - USN-815-1

BID - 31126

REDHAT - RHSA-2008:0886

REDHAT - RHSA-2008:0884

MILW0RM - 8798

MANDRIVA - MDVSA-2008:192

DEBIAN - DSA-1654

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0325

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3613

CONFIRM - http://support.apple.com/kb/HT3550

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 265329

SUNALERT - 261688

SUNALERT - 247346

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

SECTRACK - 1020855

GENTOO - GLSA-200812-06

SECUNIA - 36235

SECUNIA - 36173

SECUNIA - 35379

SECUNIA - 35074

SECUNIA - 35056

SECUNIA - 33722

SECUNIA - 33715

SECUNIA - 32974

SECUNIA - 32807

SECUNIA - 32280

SECUNIA - 32265

SECUNIA - 31982

SECUNIA - 31868

SECUNIA - 31860

SECUNIA - 31855

SECUNIA - 31558

SUSE - SUSE-SR:2008:018

APPLE - APPLE-SA-2009-05-12

APPLE - APPLE-SA-2009-06-17-1

APPLE - APPLE-SA-2009-06-08-1

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Apple 2009-05-12 Safari Update 3.2.3 (Leopard)

Apple 2009-05-12 Safari Update 3.2.3 (Tiger)

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:48:13