Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2008-0988.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.019

Percentile

88.4%

JSON

From Red Hat Security Advisory 2008:0988 :

Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files.

An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)

Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.

Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0988 and 
# Oracle Linux Security Advisory ELSA-2008-0988 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67769);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-4225", "CVE-2008-4226");
  script_xref(name:"RHSA", value:"2008:0988");

  script_name(english:"Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2008:0988 :

Updated libxml2 packages that fix security issues are now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

libxml2 is a library for parsing and manipulating XML files. It
includes support for reading, modifying, and writing XML and HTML
files.

An integer overflow flaw causing a heap-based buffer overflow was
found in the libxml2 XML parser. If an application linked against
libxml2 processed untrusted, malformed XML content, it could cause the
application to crash or, possibly, execute arbitrary code.
(CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If
an application linked against libxml2 processed untrusted, malformed
XML content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)

Red Hat would like to thank Drew Yao of the Apple Product Security
team for reporting these issues.

Users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000803.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000804.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000805.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxml2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/11/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"libxml2-2.5.10-14.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"libxml2-2.5.10-14.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"libxml2-devel-2.5.10-14.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"libxml2-devel-2.5.10-14.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"libxml2-python-2.5.10-14.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"libxml2-python-2.5.10-14.0.1")) flag++;

if (rpm_check(release:"EL4", reference:"libxml2-2.6.16-12.6.0.1")) flag++;
if (rpm_check(release:"EL4", reference:"libxml2-devel-2.6.16-12.6.0.1")) flag++;
if (rpm_check(release:"EL4", reference:"libxml2-python-2.6.16-12.6.0.1")) flag++;

if (rpm_check(release:"EL5", reference:"libxml2-2.6.26-2.1.2.7.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"libxml2-devel-2.6.26-2.1.2.7.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"libxml2-python-2.6.26-2.1.2.7.0.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-devel / libxml2-python");
}
VendorProductVersionCPE
oraclelinuxlibxml2p-cpe:/a:oracle:linux:libxml2
oraclelinuxlibxml2-develp-cpe:/a:oracle:linux:libxml2-devel
oraclelinuxlibxml2-pythonp-cpe:/a:oracle:linux:libxml2-python
oraclelinux3cpe:/o:oracle:linux:3
oraclelinux4cpe:/o:oracle:linux:4
oraclelinux5cpe:/o:oracle:linux:5

Related

openvas 64
altlinux 2
centos 2
nessus 55
fedora 4
slackware 1
oraclelinux 1
redhat 1
debian 1
freebsd 1
ubuntu 1
osv 1
vmware 2
cvelist 2
prion 2
cve 2
debiancve 2
nvd 2
ubuntucve 2
seebug 1
gentoo 1
securityvulns 3
openvas
openvas
Ubuntu Update for libxml2 vulnerabilities USN-673-1
2009-03-23 00:00:00
FreeBSD Ports: libxml2
2008-11-24 00:00:00
Ubuntu: Security Advisory (USN-673-1)
2009-03-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
centos
centos
libxml2 security update
2008-11-17 23:54:51
libxml2 security update
2008-11-24 00:43:15
nessus
nessus
Fedora 10 : libxml2-2.7.2-2.fc10 (2008-10038)
2012-09-24 00:00:00
Fedora 9 : libxml2-2.7.2-2.fc9 (2008-9773)
2008-11-21 00:00:00
Fedora 8 : libxml2-2.7.2-2.fc8 (2008-9729)
2008-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: libxml2-2.7.2-2.fc10
2008-11-22 16:50:52
[SECURITY] Fedora 8 Update: libxml2-2.7.2-2.fc8
2008-11-19 14:51:06
[SECURITY] Fedora 9 Update: libxml2-2.7.2-2.fc9
2008-11-19 14:55:44
slackware
slackware
[slackware-security] libxml2
2008-11-20 03:51:12
oraclelinux
oraclelinux
libxml2 security update
2008-11-17 00:00:00
redhat
redhat
(RHSA-2008:0988) Important: libxml2 security update
2008-11-17 00:00:00
debian
debian
[SECURITY] [DSA 1666-1] New libxml2 packages fix several vulnerabilities
2008-11-17 23:34:04
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2008-11-18 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2008-11-19 00:00:00
osv
osv
libxml2 - several vulnerabilities
2008-11-17 00:00:00
vmware
vmware
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
cvelist
cvelist
CVE-2008-4225
2008-11-25 23:00:00
CVE-2008-4226
2008-11-25 23:00:00
prion
prion
Integer overflow
2008-11-25 23:30:00
Integer overflow
2008-11-25 23:30:00
cve
cve
CVE-2008-4225
2008-11-25 23:30:00
CVE-2008-4226
2008-11-25 23:30:00
debiancve
debiancve
CVE-2008-4225
2008-11-25 23:30:00
CVE-2008-4226
2008-11-25 23:30:00
nvd
nvd
CVE-2008-4225
2008-11-25 23:30:00
CVE-2008-4226
2008-11-25 23:30:00
ubuntucve
ubuntucve
CVE-2008-4226
2008-11-25 00:00:00
CVE-2008-4225
2008-11-25 00:00:00
seebug
seebug
libxml2 xmlSAX2Characters()ε‡½ζ•°ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-11-20 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00
securityvulns
securityvulns
libxml library DoS
2008-08-25 00:00:00
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code, Unauthorized Access
2010-04-26 00:00:00
HP System Management Homepage multiple security vulnerabilities
2010-05-20 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.019

Percentile

88.4%

JSON
Related for ORACLELINUX_ELSA-2008-0988.NASL
openvas64altlinux2centos2nessus55fedora4slackware1oraclelinux1redhat1debian1freebsd1ubuntu1osv1vmware2cvelist2prion2cve2debiancve2nvd2ubuntucve2seebug1gentoo1securityvulns3