CVE-2011-1944

HIGH

Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

References

http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html

http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

http://secunia.com/advisories/44711

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://ubuntu.com/usn/usn-1153-1

http://www.debian.org/security/2011/dsa-2255

http://www.mandriva.com/security/advisories?name=MDVSA-2011:131

http://www.openwall.com/lists/oss-security/2011/05/31/8

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.osvdb.org/73248

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.securityfocus.com/bid/48056

https://bugzilla.redhat.com/show_bug.cgi?id=709747

Details

Source: MITRE

Published: 2011-09-02

Updated: 2016-06-17

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*

cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:* versions up to 1.8.16 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
89109 | VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check) | Nessus | Misc. | critical
89037 | VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check) | Nessus | Misc. | high
81002 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU) | Nessus | Web Servers | high
80957 | Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669) | Nessus | Junos Local Security Checks | high
75935 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0839-1) | Nessus | SuSE Local Security Checks | high
75634 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0839-1) | Nessus | SuSE Local Security Checks | high
70884 | ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check) | Nessus | Misc. | high
68721 | Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) | Nessus | Oracle Linux Local Security Checks | high
68429 | Oracle Linux 5 : libxml2 (ELSA-2012-0017) | Nessus | Oracle Linux Local Security Checks | high
65968 | FreeBSD : libxml -- Integer overflow (7be92050-a450-11e2-9898-001060e06fd4) | Nessus | FreeBSD Local Security Checks | high
64425 | Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) | Nessus | Scientific Linux Local Security Checks | high
64391 | RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) | Nessus | Red Hat Local Security Checks | high
64384 | CentOS 6 : mingw32-libxml2 (CESA-2013:0217) | Nessus | CentOS Local Security Checks | high
62357 | Apple TV < 5.1 Multiple Vulnerabilities | Nessus | Gain a shell remotely | high
62324 | Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824) | Nessus | Fedora Local Security Checks | high
62323 | Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820) | Nessus | Fedora Local Security Checks | high
6589 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high
62242 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus | Mobile Devices | critical
61217 | Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64 (20120111) | Nessus | Scientific Linux Local Security Checks | high
61192 | Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
59966 | VMSA-2012-0012 : VMware ESXi update to third-party library | Nessus | VMware ESX Local Security Checks | high
59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical
6482 | Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
59067 | Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST) | Nessus | MacOS X Local Security Checks | critical
59066 | Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical
58903 | VMSA-2012-0008 : VMware ESX updates to ESX Service Console | Nessus | VMware ESX Local Security Checks | high
57492 | RHEL 5 : libxml2 (RHSA-2012:0017) | Nessus | Red Hat Local Security Checks | high
57487 | CentOS 5 : libxml2 (CESA-2012:0017) | Nessus | CentOS Local Security Checks | high
57223 | SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7600) | Nessus | SuSE Local Security Checks | high
57022 | RHEL 6 : libxml2 (RHSA-2011:1749) | Nessus | Red Hat Local Security Checks | critical
56660 | GLSA-201110-26 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
56085 | Mandriva Linux Security Advisory : libxml (MDVSA-2011:131-1) | Nessus | Mandriva Local Security Checks | high
55698 | SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7601) | Nessus | SuSE Local Security Checks | high
55697 | SuSE 11.1 Security Update : libxml2 (SAT Patch Number 4813) | Nessus | SuSE Local Security Checks | high
55495 | Fedora 14 : libxml-1.8.17-27.fc14 (2011-7856) | Nessus | Fedora Local Security Checks | high
55492 | Fedora 15 : libxml-1.8.17-27.fc15 (2011-7820) | Nessus | Fedora Local Security Checks | high
55168 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libxml2 vulnerability (USN-1153-1) | Nessus | Ubuntu Local Security Checks | high