CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

gnome-vfs2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists because neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion. This allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references. It is a similar issue to CVE-2003-1564.

CPE

Name | Operator | Version |
---|---|---|
gnome-vfs2 | eq | 2.16.2__4.el5 |
gnome-vfs2 | eq | 2.16.2__8.el5 |
gnome-vfs2 | eq | 2.16.2__5.el5 |
gnome-vfs2 | eq | 2.16.2__6.el5_5.1 |
gnome-vfs2 | eq | 2.16.2__6.el5 |

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html
lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
rhn.redhat.com/errata/RHSA-2013-0131.html
secunia.com/advisories/36371
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2009:221
www.vupen.com/english/advisories/2009/2341
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=580855
bugzilla.redhat.com/show_bug.cgi?id=621394
bugzilla.redhat.com/show_bug.cgi?id=822817
bugzilla.redhat.com/show_bug.cgi?id=848822
exchange.xforce.ibmcloud.com/vulnerabilities/52633
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461
www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html