libxml2 Proxy FTP URL Processing Overflow

2004-10-25T19:51:32
ID OSVDB:11324
Type osvdb
Reporter infamous41md (infamous41md@hotpop.com)
Modified 2004-10-25T19:51:32

Description

Vulnerability Description

A remote overflow exists in libxml2. The xmlNanoFTPScanProxy() function in libxml2's nanoftp.c does not perform boundary checking on user-supplied data before copying it into a fixed-size stack buffer, which could potentially cause a stack-based overflow. Using a specially crafted URL, an attacker can cause a denial of service or execute arbitrary code, resulting in a loss of integrity or availability.

Solution Description

Upgrade to version 2.6.15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.xmlsoft.org/
Security Tracker: 1011941
Secunia Advisory ID: 13192
Secunia Advisory ID: 14430
Secunia Advisory ID: 13097
Secunia Advisory ID: 13000
Secunia Advisory ID: 13016
Secunia Advisory ID: 13506
Related OSVDB ID: 11179
Related OSVDB ID: 11180
RedHat RHSA: RHSA-2004:650
RedHat RHSA: RHSA-2004:615
Packet Storm: http://packetstormsecurity.nl/0410-exploits/libxmlSploit.c
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:127
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-89-1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0267.html
ISS X-Force ID: 17870
CVE-2004-0989
Bugtraq ID: 11526