Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20121129_LIBXML2_ON_SL5_X.NASL
HistoryNov 30, 2012 - 12:00 a.m.

Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20121129)

2012-11-3000:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

The desktop must be restarted (log out, then log back in) for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(63106);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-5134");

  script_name(english:"Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20121129)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A heap-based buffer underflow flaw was found in the way libxml2
decoded certain entities. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2012-5134)

The desktop must be restarted (log out, then log back in) for this
update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1211&L=scientific-linux-errata&T=0&P=2504
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bbe1459c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"libxml2-2.6.26-2.1.15.el5_8.6")) flag++;
if (rpm_check(release:"SL5", reference:"libxml2-debuginfo-2.6.26-2.1.15.el5_8.6")) flag++;
if (rpm_check(release:"SL5", reference:"libxml2-devel-2.6.26-2.1.15.el5_8.6")) flag++;
if (rpm_check(release:"SL5", reference:"libxml2-python-2.6.26-2.1.15.el5_8.6")) flag++;

if (rpm_check(release:"SL6", reference:"libxml2-2.7.6-8.el6_3.4")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-debuginfo-2.7.6-8.el6_3.4")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-devel-2.7.6-8.el6_3.4")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-python-2.7.6-8.el6_3.4")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-static-2.7.6-8.el6_3.4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxlibxml2p-cpe:/a:fermilab:scientific_linux:libxml2
fermilabscientific_linuxlibxml2-debuginfop-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo
fermilabscientific_linuxlibxml2-develp-cpe:/a:fermilab:scientific_linux:libxml2-devel
fermilabscientific_linuxlibxml2-pythonp-cpe:/a:fermilab:scientific_linux:libxml2-python
fermilabscientific_linuxlibxml2-staticp-cpe:/a:fermilab:scientific_linux:libxml2-static
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

securityvulns 7
nessus 35
openvas 44
veracode 1
suse 6
vmware 2
ubuntu 1
prion 1
debian 1
centos 2
osv 1
slackware 1
cvelist 1
oraclelinux 3
redhat 2
cve 1
amazon 1
ubuntucve 1
debiancve 1
threatpost 2
freebsd 1
gentoo 1
seebug 1
chrome 1
tenable 1
securityvulns
securityvulns
libxml2 buffer overflow
2012-12-06 00:00:00
Apple iTunes multiple security vulnerabilities
2014-01-29 00:00:00
APPLE-SA-2014-01-22-1 iTunes 11.1.4
2014-01-29 00:00:00
nessus
nessus
SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8392)
2012-12-13 00:00:00
CentOS 5 / 6 : libxml2 (CESA-2012:1512)
2012-11-30 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1656-1)
2012-12-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 2580-1 (libxml2)
2012-12-04 00:00:00
RedHat Update for libxml2 RHSA-2012:1512-01
2012-12-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1636-1)
2021-06-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:50:59
suse
suse
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
libxml2: fixed buffer overflow during decoding entities (important)
2013-01-23 14:07:38
Security update for libxml2 (important)
2012-12-12 17:09:09
vmware
vmware
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
ubuntu
ubuntu
Libxml2 vulnerability
2012-12-06 00:00:00
prion
prion
Heap overflow
2012-11-28 01:55:00
debian
debian
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:50
centos
centos
libxml2 security update
2012-11-29 20:24:03
mingw32 security update
2013-02-01 00:53:30
osv
osv
libxml2 - buffer overflow
2012-12-02 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
cvelist
cvelist
CVE-2012-5134
2012-11-28 01:00:00
oraclelinux
oraclelinux
libxml2 security update
2012-11-29 00:00:00
libxml2 security update
2013-02-28 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
redhat
redhat
(RHSA-2012:1512) Important: libxml2 security update
2012-11-29 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
cve
cve
CVE-2012-5134
2012-11-28 01:55:00
amazon
amazon
Important: libxml2
2012-12-06 21:22:00
ubuntucve
ubuntucve
CVE-2012-5134
2012-11-27 00:00:00
debiancve
debiancve
CVE-2012-5134
2012-11-28 01:55:00
threatpost
threatpost
Apple's iOS 7 Update Fixes 80 Security Bugs
2013-09-19 12:53:59
Google Repairs High-Risk Flaw in Chrome
2012-11-27 17:07:25
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-11-26 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2013-11-10 00:00:00
seebug
seebug
Google Chrome 23.0.1271.91δΉ‹ε‰η‰ˆζœ¬ε€šδΈͺθΏœη¨‹ζΌζ΄ž
2012-11-27 00:00:00
chrome
chrome
Stable Channel Update
2012-11-26 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
JSON
Related for SL_20121129_LIBXML2_ON_SL5_X.NASL
securityvulns7nessus35openvas44veracode1suse6vmware2ubuntu1prion1debian1centos2osv1slackware1cvelist1oraclelinux3redhat2cve1amazon1ubuntucve1debiancve1threatpost2freebsd1gentoo1seebug1chrome1tenable1