CVE Reference: CVE-2004-0989

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2004-0989

Description:
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/17870
  http://xforce.iss.net/xforce/xfdb/17875
  http://xforce.iss.net/xforce/xfdb/17872
  http://xforce.iss.net/xforce/xfdb/17876

UBUNTU
  http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2

SUSE
  http://www.novell.com/linux/security/advisories/2005_01_sr.html

ST
  1011941

SAID
  Secunia Advisory: SA13000

REDHAT
  http://www.redhat.com/support/errata/RHSA-2004-650.html
  http://www.redhat.com/support/errata/RHSA-2004-615.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173

OSVDB
  11180
  11324
  11179

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml

DEBIAN
  http://www.debian.org/security/2004/dsa-582

CONECTIVA
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890

CIAC
  http://www.ciac.org/ciac/bulletins/p-029.shtml

BUGTRAQ
  http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2

BID
  11526

APPLE
  http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html


Return to the previous page.