Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:840301
HistoryMar 23, 2009 - 12:00 a.m.

Ubuntu Update for libxml2 vulnerabilities USN-673-1

2009-03-2300:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
21

0.019 Low

EPSS

Percentile

88.4%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-673-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_673_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for libxml2 vulnerabilities USN-673-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Drew Yao discovered that libxml2 did not correctly handle certain corrupt
  XML documents.  If a user or automated system were tricked into processing
  a malicious XML document, a remote attacker could cause applications
  linked against libxml2 to enter an infinite loop, leading to a denial
  of service. (CVE-2008-4225)

  Drew Yao discovered that libxml2 did not correctly handle large memory
  allocations.  If a user or automated system were tricked into processing a
  very large XML document, a remote attacker could cause applications linked
  against libxml2 to crash, leading to a denial of service. (CVE-2008-4226)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-673-1";
tag_affected = "libxml2 vulnerabilities on Ubuntu 6.06 LTS ,
  Ubuntu 7.10 ,
  Ubuntu 8.04 LTS ,
  Ubuntu 8.10";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-673-1/");
  script_id(840301);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name: "USN", value: "673-1");
  script_cve_id("CVE-2008-4225", "CVE-2008-4226");
  script_name( "Ubuntu Update for libxml2 vulnerabilities USN-673-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-libxml2", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.6.24.dfsg-1ubuntu1.4", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.10")
{

  if ((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2-dbg", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.6.32.dfsg-4ubuntu1.1", rls:"UBUNTU8.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2-dbg", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.6.31.dfsg-2ubuntu1.3", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU7.10")
{

  if ((res = isdpkgvuln(pkg:"libxml2-dbg", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-dev", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-utils", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2-dbg", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-libxml2", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libxml2-doc", ver:"2.6.30.dfsg-2ubuntu1.4", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

openvas 63
nessus 56
fedora 4
altlinux 2
osv 1
ubuntu 1
freebsd 1
oraclelinux 1
redhat 1
centos 2
slackware 1
debian 1
vmware 2
ubuntucve 2
cvelist 2
prion 2
cve 2
debiancve 2
nvd 2
gentoo 1
seebug 1
securityvulns 3
openvas
openvas
Mandriva Update for libxml2 MDVSA-2008:231 (libxml2)
2009-04-09 00:00:00
CentOS Update for libxml2 CESA-2008:0988 centos3 i386
2009-02-27 00:00:00
CentOS Update for libxml2 CESA-2008:0988 centos3 x86_64
2009-02-27 00:00:00
nessus
nessus
FreeBSD : libxml2 -- multiple vulnerabilities (f1e0164e-b67b-11dd-a55e-00163e000016)
2008-11-21 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : libxml2 (SSA:2008-324-01)
2008-11-21 00:00:00
CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988)
2009-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: libxml2-2.7.2-2.fc10
2008-11-22 16:50:52
[SECURITY] Fedora 9 Update: libxml2-2.7.2-2.fc9
2008-11-19 14:55:44
[SECURITY] Fedora 8 Update: libxml2-2.7.2-2.fc8
2008-11-19 14:51:06
altlinux
altlinux
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
osv
osv
libxml2 - several vulnerabilities
2008-11-17 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2008-11-19 00:00:00
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2008-11-18 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2008-11-17 00:00:00
redhat
redhat
(RHSA-2008:0988) Important: libxml2 security update
2008-11-17 00:00:00
centos
centos
libxml2 security update
2008-11-24 00:43:15
libxml2 security update
2008-11-17 23:54:51
slackware
slackware
[slackware-security] libxml2
2008-11-20 03:51:12
debian
debian
[SECURITY] [DSA 1666-1] New libxml2 packages fix several vulnerabilities
2008-11-17 23:34:04
vmware
vmware
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
2009-01-30 00:00:00
ubuntucve
ubuntucve
CVE-2008-4225
2008-11-25 00:00:00
CVE-2008-4226
2008-11-25 00:00:00
cvelist
cvelist
CVE-2008-4226
2008-11-25 23:00:00
CVE-2008-4225
2008-11-25 23:00:00
prion
prion
Integer overflow
2008-11-25 23:30:00
Integer overflow
2008-11-25 23:30:00
cve
cve
CVE-2008-4225
2008-11-25 23:30:00
CVE-2008-4226
2008-11-25 23:30:00
debiancve
debiancve
CVE-2008-4226
2008-11-25 23:30:00
CVE-2008-4225
2008-11-25 23:30:00
nvd
nvd
CVE-2008-4225
2008-11-25 23:30:00
CVE-2008-4226
2008-11-25 23:30:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00
seebug
seebug
libxml2 xmlSAX2Characters()ε‡½ζ•°ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-11-20 00:00:00
securityvulns
securityvulns
libxml library DoS
2008-08-25 00:00:00
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
2010-04-26 00:00:00
HP System Management Homepage multiple security vulnerabilities
2010-05-20 00:00:00

0.019 Low

EPSS

Percentile

88.4%

JSON
Related for OPENVAS:840301
openvas63nessus56fedora4altlinux2osv1ubuntu1freebsd1oraclelinux1redhat1centos2slackware1debian1vmware2ubuntucve2cvelist2prion2cve2debiancve2nvd2gentoo1seebug1securityvulns3