Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-2414
Last Modified: 24 Oct 2014 01:42:12
Published: 11 Aug 2009 02:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2414

Summary

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

Vulnerable Systems

Application

  • Xmlsoft Libxml 1.8.17

  • Xmlsoft Libxml2 2.5.10

  • Xmlsoft Libxml2 2.6.16

  • Xmlsoft Libxml2 2.6.26

  • Xmlsoft Libxml2 2.6.27

  • Xmlsoft Libxml2 2.6.32


References

DEBIAN - DSA-1859

FEDORA - FEDORA-2009-8580

FEDORA - FEDORA-2009-8498

FEDORA - FEDORA-2009-8491

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=515195

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-3217

VUPEN - ADV-2009-3184

VUPEN - ADV-2009-2420

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-815-1

BID - 36010

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

MISC - http://www.networkworld.com/columnists/2009/080509-xml-flaw.html

MLIST - [debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion

MISC - http://www.codenomicon.com/labs/xml/

MISC - http://www.cert.fi/en/reports/2009/vulnerability2009085.html

CONFIRM - http://support.apple.com/kb/HT4225

CONFIRM - http://support.apple.com/kb/HT3949

CONFIRM - http://support.apple.com/kb/HT3937

SECUNIA - 37471

SECUNIA - 37346

SECUNIA - 36417

SECUNIA - 36338

SECUNIA - 36207

SUSE - SUSE-SR:2009:015

APPLE - APPLE-SA-2010-06-21-1

APPLE - APPLE-SA-2009-11-11-1

APPLE - APPLE-SA-2009-11-09-1

CONFIRM - http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

CONFIRM - https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59

CONFIRM - http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html

SECUNIA - 36631

SECUNIA - 35036

Related Patches

Apple 2009-11-09 Mac OS X v10.6.2 Update

Apple 2009-11-11 Safari Update 4.0.4 (Tiger)


Last Updated: 27 May 2016 10:52:00