Test ID:	1.3.6.1.4.1.25623.1.0.51795
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-89-1 (libxml)
Summary:	Ubuntu 4.10 USN-89-1 (libxml)
Description:	The remote host is missing an update to libxml announced via advisory USN-89-1. Several buffer overflows have been discovered in libxml's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml. This does not affect the core XML parsing code, which is what the majority of programs use this library for. Note: The same vulnerability was already fixed for libxml2 in USN-10-1. The following packages are affected: libxml1 Solution: The problem can be corrected by upgrading the affected package to version 1:1.8.17-8ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-89-1 Risk factor : Critical
Cross-Ref:	BugTraq ID: 11526 Common Vulnerability Exposure (CVE) ID: CVE-2004-0989 Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html Conectiva Linux advisory: CLA-2004:890 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 Debian Security Information: DSA-582 (Google Search) http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2 Computer Incident Advisory Center Bulletin: P-029 http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.securityfocus.com/bid/11526 http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505 http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870) http://xforce.iss.net/xforce/xfdb/17870 XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875) http://xforce.iss.net/xforce/xfdb/17875 XForce ISS Database: libxml2-nanoftp-file-bo(17872) http://xforce.iss.net/xforce/xfdb/17872 XForce ISS Database: libxml2-nanohttp-file-bo(17876) http://xforce.iss.net/xforce/xfdb/17876
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: