69205 : Libxml2 Crafted XML File XPath Axis Traversal Invalid Memory Access Issue
Printer | http://osvdb.org/69205 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
11	1116	over 2 years ago	about 1 month ago	12 times	100%

Timeline

Disclosure Date
2010-10-15

Time to Patch	Time to Vendor Response
4 days	1 days

Description

Libxml2 contains a flaw in the 'xmlXPathNextPrecedingSibling', 'xmlNodePtr', and 'xmlXPathNextPrecedingInternal' functions [xpath.c] that is triggered when processing namespace and attributes nodes. With a specially crafted XML file, an attacker can crash an application linked against the library and potentially execute arbitrary code.

Classification

Location: Local / Remote
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: PoC Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version 2.7.8, or higher, to address this vulnerability.

Upgrade to Google Chrome version 7.0.517.44, Apple Safari version 5.0.4, Apple iTunes version 10.2, Apple Mac OS X version 10.6.7 or apply Security Update 2011-001, and Lotus Symphony version 3.0.0 Fix Pack 2, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

IBM Corporation

Lotus Symphony

3.0 Fix Pack 1

XMLSoft

Libxml2

2.7.7

Google, Inc.

Chrome

7.0.517.43

Apple Inc.	Mac OS X	10.6.3
		10.6.0
		10.6.1
		10.6.5
		10.6.3
		10.6.6
		10.6.2
		10.6.4
	Safari	5.0.3
	iTunes	10.1.2

References

CVE ID: 2010-4008 (see also: NVD)
Secunia Advisory ID: 42109 42166 42175 42312 42314 42429 42563 43582 43696 43814 44202 46601 47147 47538 48959 49858 49930 52051 52437
SCIP VulDB ID: 4214
Other Advisory URL: http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
http://support.apple.com/kb/HT4566
Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=58731
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://security.gentoo.org/glsa/glsa-201110-26.xml
http://www.vmware.com/security/advisories/VMSA-2012-0008.html
https://www.ibm.com/support/docview.wss?uid=swg21496070
Mail List Post: http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Packet Storm: http://packetstormsecurity.org/files/112296/VMware-Security-Advisory-2012-0008.html
Vendor Specific Advisory URL: http://support.apple.com/kb/HT1222
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2128
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-11-767
http://www.ubuntu.com/usn/usn-1016-1
http://www.vmware.com/security/advisories/VMSA-2012-0012.html
http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_XRX12-009_v1.1.pdf
http://www.xerox.com/download/security/security-bulletin/16cd0-4ccb9d5fd3580/cert_XRX12-010_FFPSv8_v1.1.pdf
News Article: http://www.scmagazineus.com/apple-issues-slew-of-patches/article/198899/
Vendor Specific Solution URL: https://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
https://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
RedHat RHSA: RHSA-2011:1749 RHSA-2012:0017 RHSA-2013:0217

Tools & Filters

	52534 52535 52613
	5813 5814

Credit

Bui Quang Minh - Bkis

CVSSv2 Score

CVSSv2 Base Score = 4.3
Source: nvd.nist.gov | Generated: 2010-11-17 | Disagree? | There are 1 more: View All

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.