Test ID:	1.3.6.1.4.1.25623.1.0.51382
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:890
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:890. The XML C library[1] (libxml2) is used by many programs to load and save extensible data structures or to manipulate several kinds of XML files. This update fixes a buffer overflow vulnerability[2,3] in the URI parsing code found by infamous41md at the nanoftp and nanohttp modules of libxml2. An attacker may exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. Depending of the scenario where this application is used, this vulnerability can be remotely exploitable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://xmlsoft.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989 http://www.securityfocus.com/archive/1/379383 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 11526 Common Vulnerability Exposure (CVE) ID: CVE-2004-0989 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://www.securityfocus.com/bid/11526 Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though) (Google Search) http://marc.info/?l=bugtraq&m=109880813013482&w=2 Computer Incident Advisory Center Bulletin: P-029 http://www.ciac.org/ciac/bulletins/p-029.shtml Conectiva Linux advisory: CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 Debian Security Information: DSA-582 (Google Search) http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html https://www.ubuntu.com/usn/usn-89-1/ XForce ISS Database: libxml2-nanoftp-file-bo(17872) https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 XForce ISS Database: libxml2-nanohttp-file-bo(17876) https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875) https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870) https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.