Mandrake Linux Security Advisory : libxml/libxml2 (MDKSA-2004:127)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Multiple buffer overflows were reported in the libxml XML parsing
library. These vulnerabilities may allow remote attackers to execute
arbitrary code via a long FTP URL that is not properly handled by the
xmlNanoFTPScanURL() function, a long proxy URL containing FTP data
that is not properly handled by the xmlNanoFTPScanProxy() function,
and other overflows in the code that resolves names via DNS.

The updated packages have been patched to prevent these issues.

See also :

http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15638 (mandrake_MDKSA-2004-127.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0989

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now