SecuritySpace - CAN-2004-0989

Resumen de Precio/Funciones | Ordenar | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad

Búsqueda de Vulnerabilidad		Buscar 61204 Descripciones CVE y 32582 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de CVE: CAN-2004-0989

Descripción: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Prueba de IDs: 1.3.6.1.4.1.25623.1.0.64702 1.3.6.1.4.1.25623.1.0.64701

Referencias Cruzadas: Common Vulnerability Exposure (CVE) ID: CVE-2004-0989
Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Conectiva Linux advisory: CLA-2004:890
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
Debian Security Information: DSA-582 (Google Search)
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
RedHat Security Advisories: RHSA-2004:615
http://www.redhat.com/support/errata/RHSA-2004-615.html
RedHat Security Advisories: RHSA-2004:650
http://www.redhat.com/support/errata/RHSA-2004-650.html
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2
Computer Incident Advisory Center Bulletin: P-029
http://www.ciac.org/ciac/bulletins/p-029.shtml
BugTraq ID: 11526
http://www.securityfocus.com/bid/11526
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505
http://securitytracker.com/id?1011941
http://secunia.com/advisories/13000
XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870)
http://xforce.iss.net/xforce/xfdb/17870
XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875)
http://xforce.iss.net/xforce/xfdb/17875
XForce ISS Database: libxml2-nanoftp-file-bo(17872)
http://xforce.iss.net/xforce/xfdb/17872
XForce ISS Database: libxml2-nanohttp-file-bo(17876)
http://xforce.iss.net/xforce/xfdb/17876

Registro de Nuevo Usuario
Email:

Usuario:

Contraseña:

Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.

Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.

Privacidad

Ingreso de Usuario Registrado

Usuario:

Contraseña:

¿Olvidó su usuario o contraseña??

Email/ID de Usario:

ID de CVE:	CAN-2004-0989
Descripción:	Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Prueba de IDs:	1.3.6.1.4.1.25623.1.0.64702 1.3.6.1.4.1.25623.1.0.64701
Referencias Cruzadas:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0989 Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html Conectiva Linux advisory: CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 Debian Security Information: DSA-582 (Google Search) http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml RedHat Security Advisories: RHSA-2004:615 http://www.redhat.com/support/errata/RHSA-2004-615.html RedHat Security Advisories: RHSA-2004:650 http://www.redhat.com/support/errata/RHSA-2004-650.html SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2 Computer Incident Advisory Center Bulletin: P-029 http://www.ciac.org/ciac/bulletins/p-029.shtml BugTraq ID: 11526 http://www.securityfocus.com/bid/11526 http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505 http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870) http://xforce.iss.net/xforce/xfdb/17870 XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875) http://xforce.iss.net/xforce/xfdb/17875 XForce ISS Database: libxml2-nanoftp-file-bo(17872) http://xforce.iss.net/xforce/xfdb/17872 XForce ISS Database: libxml2-nanohttp-file-bo(17876) http://xforce.iss.net/xforce/xfdb/17876