FreeBSD : libxml2 -- two vulnerabilities (d71da236-9a94-11dd-8f42-001c2514716c)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Two vulnerabilities have been reported in Libxml2, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.

1) A recursion error exists when processing certain XML content. This
can be exploited to e.g. exhaust all available memory and CPU
resources by tricking an application using Libxml2 into processing
specially crafted XML documents.

2) A boundary error in the processing of long XML entity names in
parser.c can be exploited to cause a heap-based buffer overflow when
specially crafted XML content is parsed.

Successful exploitation may allow execution of arbitrary code.

See also :

http://www.nessus.org/u?4bfc29c6

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34416 (freebsd_pkg_d71da2369a9411dd8f42001c2514716c.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3281, CVE-2008-3529
