CVE-2004-0989 - Secunia

CVE Reference: CVE-2004-0989
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0989

Description: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17870 http://xforce.iss.net/xforce/xfdb/17875 http://xforce.iss.net/xforce/xfdb/17872 http://xforce.iss.net/xforce/xfdb/17876 UBUNTU http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2 SUSE http://www.novell.com/linux/security/advisories/2005_01_sr.html ST 1011941 SAID Secunia Advisory: SA13000 REDHAT http://www.redhat.com/support/errata/RHSA-2004-650.html http://www.redhat.com/support/errata/RHSA-2004-615.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173 OSVDB 11180 11324 11179 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml DEBIAN http://www.debian.org/security/2004/dsa-582 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 CIAC http://www.ciac.org/ciac/bulletins/p-029.shtml BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2 BID 11526 APPLE http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

Return to the previous page.

CVE Reference: CVE-2004-0989

Secunia Customer Login

Not a customer already?