Detections
Analytics
CVE-2004-0989
critical
Description
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References
https://www.ubuntu.com/usn/usn-89-1/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.debian.org/security/2004/dsa-582
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://securitytracker.com/id?1011941
http://secunia.com/advisories/13000
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890