Lucene search
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1016-1.NASLHistoryNov 11, 2010 - 12:00 a.m.
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : libxml2 vulnerability (USN-1016-1)
2010-11-1100:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
Bui Quang Minh discovered that libxml2 did not properly process XPath namespaces and attributes. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1016-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(50560);
script_version("1.12");
script_cvs_date("Date: 2019/09/19 12:54:26");
script_cve_id("CVE-2010-4008");
script_xref(name:"USN", value:"1016-1");
script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : libxml2 vulnerability (USN-1016-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Bui Quang Minh discovered that libxml2 did not properly process XPath
namespaces and attributes. If an application using libxml2 opened a
specially crafted XML file, an attacker could cause a denial of
service or possibly execute code as the user invoking the program.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1016-1/"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-libxml2-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-libxml2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"6.06", pkgname:"libxml2", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxml2-dbg", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxml2-dev", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxml2-doc", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxml2-utils", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"python-libxml2", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"python2.4-libxml2", pkgver:"2.6.24.dfsg-1ubuntu1.6")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxml2", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxml2-dbg", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxml2-dev", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxml2-doc", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libxml2-utils", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"python-libxml2", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"python-libxml2-dbg", pkgver:"2.6.31.dfsg-2ubuntu1.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libxml2", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libxml2-dbg", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libxml2-dev", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libxml2-doc", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libxml2-utils", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"python-libxml2", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"python-libxml2-dbg", pkgver:"2.7.5.dfsg-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libxml2", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libxml2-dbg", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libxml2-dev", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libxml2-doc", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libxml2-utils", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"python-libxml2", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"python-libxml2-dbg", pkgver:"2.7.6.dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libxml2", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libxml2-dbg", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libxml2-dev", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libxml2-doc", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libxml2-utils", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"python-libxml2", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"python-libxml2-dbg", pkgver:"2.7.7.dfsg-4ubuntu0.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-dbg / libxml2-dev / libxml2-doc / libxml2-utils / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libxml2 | p-cpe:/a:canonical:ubuntu_linux:libxml2 |
| canonical | ubuntu_linux | libxml2-dbg | p-cpe:/a:canonical:ubuntu_linux:libxml2-dbg |
| canonical | ubuntu_linux | libxml2-dev | p-cpe:/a:canonical:ubuntu_linux:libxml2-dev |
| canonical | ubuntu_linux | libxml2-doc | p-cpe:/a:canonical:ubuntu_linux:libxml2-doc |
| canonical | ubuntu_linux | libxml2-utils | p-cpe:/a:canonical:ubuntu_linux:libxml2-utils |
| canonical | ubuntu_linux | python-libxml2 | p-cpe:/a:canonical:ubuntu_linux:python-libxml2 |
| canonical | ubuntu_linux | python-libxml2-dbg | p-cpe:/a:canonical:ubuntu_linux:python-libxml2-dbg |
| canonical | ubuntu_linux | python2.4-libxml2 | p-cpe:/a:canonical:ubuntu_linux:python2.4-libxml2 |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 10.10 | cpe:/o:canonical:ubuntu_linux:10.10 |
Related
nessus
nessus
Debian DSA-2128-1 : libxml2 - invalid memory access
2010-12-02 00:00:00
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)
2015-01-19 00:00:00
SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7214)
2010-12-02 00:00:00
openvas
openvas
Apple Safari libxml Denial of Service Vulnerability
2010-11-23 00:00:00
Debian: Security Advisory (DSA-2128-1)
2023-03-08 00:00:00
Ubuntu Update for libxml2 vulnerability USN-1016-1
2010-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2010-4008
2010-11-08 00:00:00
cve
cve
CVE-2010-4008
2010-11-17 01:00:00
CVE-2010-4200
2010-11-06 00:00:00
veracode
veracode
Denial Of Service (Dos)
2019-01-15 08:55:09
osv
osv
libxml2 - potential code execution
2010-12-01 00:00:00
securityvulns
securityvulns
[USN-1016-1] libxml2 vulnerability
2010-11-15 00:00:00
libxml2 memory corruption
2010-11-15 00:00:00
HP System Management Homepage multiple security vulnerabilities
2011-04-26 00:00:00
debiancve
debiancve
CVE-2010-4008
2010-11-17 01:00:00
prion
prion
Design/Logic Flaw
2010-11-17 01:00:00
Design/Logic Flaw
2010-11-06 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2010-11-10 00:00:00
debian
debian
[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution
2010-12-01 20:15:40
[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution
2010-12-01 20:15:40
gentoo
gentoo
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2012-01-11 00:00:00
libxml2 security and bug fix update
2011-12-14 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
redhat
redhat
(RHSA-2011:1749) Low: libxml2 security and bug fix update
2011-12-06 00:00:00
(RHSA-2012:0017) Important: libxml2 security update
2012-01-11 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
centos
centos
libxml2 security update
2012-01-11 19:19:14
mingw32 security update
2013-02-01 00:53:30
vmware
vmware
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESX updates to ESX Service Console
2012-04-26 00:00:00
VMware ESXi update to third party library
2012-07-12 00:00:00
freebsd
freebsd
openoffice.org -- Multiple vulnerabilities
2010-08-04 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
Related for UBUNTU_USN-1016-1.NASL