Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2011-1425
Last Modified: 06 Sep 2011 11:15:55
Published: 04 Apr 2011 08:27:57
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2011-1425

Summary

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Vulnerable Systems

Application

  • Aleksey Xml Security Library 0.0.1

  • Aleksey Xml Security Library 0.0.10

  • Aleksey Xml Security Library 0.0.11

  • Aleksey Xml Security Library 0.0.12

  • Aleksey Xml Security Library 0.0.13

  • Aleksey Xml Security Library 0.0.14

  • Aleksey Xml Security Library 0.0.15

  • Aleksey Xml Security Library 0.0.2

  • Aleksey Xml Security Library 0.0.2a

  • Aleksey Xml Security Library 0.0.3

  • Aleksey Xml Security Library 0.0.4

  • Aleksey Xml Security Library 0.0.5

  • Aleksey Xml Security Library 0.0.6

  • Aleksey Xml Security Library 0.0.7

  • Aleksey Xml Security Library 0.0.8

  • Aleksey Xml Security Library 0.0.9

  • Aleksey Xml Security Library 0.1.0

  • Aleksey Xml Security Library 0.1.1

  • Aleksey Xml Security Library 1.0.0

  • Aleksey Xml Security Library 1.0.1

  • Aleksey Xml Security Library 1.0.2

  • Aleksey Xml Security Library 1.0.3

  • Aleksey Xml Security Library 1.0.4

  • Aleksey Xml Security Library 1.1.0

  • Aleksey Xml Security Library 1.1.1

  • Aleksey Xml Security Library 1.1.2

  • Aleksey Xml Security Library 1.2.0

  • Aleksey Xml Security Library 1.2.1

  • Aleksey Xml Security Library 1.2.10

  • Aleksey Xml Security Library 1.2.11

  • Aleksey Xml Security Library 1.2.13

  • Aleksey Xml Security Library 1.2.14

  • Aleksey Xml Security Library 1.2.15

  • Aleksey Xml Security Library 1.2.16

  • Aleksey Xml Security Library 1.2.2

  • Aleksey Xml Security Library 1.2.3

  • Aleksey Xml Security Library 1.2.4

  • Aleksey Xml Security Library 1.2.5

  • Aleksey Xml Security Library 1.2.6

  • Aleksey Xml Security Library 1.2.7

  • Aleksey Xml Security Library 1.2.8

  • Aleksey Xml Security Library 1.2.9

  • Apple Webkit


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=692133

MLIST - [xmlsec] 20110331 New xmlsec 1.2.17 release

CONFIRM - http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

CONFIRM - http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780

CONFIRM - https://bugs.webkit.org/show_bug.cgi?id=52688

XF - xmlsecurity-xmlfiles-sec-bypass(66506)

VUPEN - ADV-2011-1172

VUPEN - ADV-2011-1010

VUPEN - ADV-2011-0858

VUPEN - ADV-2011-0855

SECTRACK - 1025284

BID - 47135

REDHAT - RHSA-2011:0486

MANDRIVA - MDVSA-2011:063

DEBIAN - DSA-2219

CONFIRM - http://trac.webkit.org/changeset/79159

SECUNIA - 44423

SECUNIA - 44167

SECUNIA - 43920


Last Updated: 27 May 2016 10:56:19