libxml2 DNS Reply Overflows

2004-10-25T19:51:32
ID OSVDB:11180
Type osvdb
Reporter infamous41md(infamous41md@hotpop.com)
Modified 2004-10-25T19:51:32

Description

Vulnerability Description

Remote overflows exist in libxml2. libxml's nanoftp.c xmlNanoFTPConnect() and nanohttp.c xmlNanoHTTPConnectHost() functions fail to properly perform boundary checking of DNS replies, an issue that could potentially cause stack-based overflows. Using specially-crafted DNS replies, an attacker that has hijacked or is controlling a DNS server can cause a denial of service or execute arbitrary code, resulting in a loss of availability or integrity.

Solution Description

Upgrade to version 2.6.15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Remote overflows exist in libxml2. libxml's nanoftp.c xmlNanoFTPConnect() and nanohttp.c xmlNanoHTTPConnectHost() functions fail to properly perform boundary checking of DNS replies, an issue that could potentially cause stack-based overflows. Using specially-crafted DNS replies, an attacker that has hijacked or is controlling a DNS server can cause a denial of service or execute arbitrary code, resulting in a loss of availability or integrity.

References:

Vendor URL: http://www.xmlsoft.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1011941 Secunia Advisory ID:13080 Secunia Advisory ID:13192 Secunia Advisory ID:14430 Secunia Advisory ID:13076 Secunia Advisory ID:13097 Secunia Advisory ID:13000 Secunia Advisory ID:13016 Secunia Advisory ID:13506 Related OSVDB ID: 11179 Related OSVDB ID: 11180 RedHat RHSA: RHSA-2004:650 RedHat RHSA: RHSA-2004:615 Packet Storm: http://packetstormsecurity.nl/0410-exploits/libxmlSploit.c Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:127 Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-89-1 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0267.html ISS X-Force ID: 17870 CVE-2004-0989 Bugtraq ID: 11526