[MBT] new ticket for pkg libxml2 "buffer overflows can lead to remote system compromise"

bugs at pld-linux.org
Mon Mar 1 13:12:21 CET 2004


Date: 2004-03-01 13:12:05+01	Author:  (kreutzm) <kreutzm at itp.uni-hannover.de> 
Title:         buffer overflows can lead to remote system compromise
Ticket ID:     #852
Ticket URL:    http://bugs.pld-linux.org/?bug=852
Package:       libxml2-1:2.4.24-2
Distribution:  PLD-1.0.main PLD-1.1.main
Category:      unknown
Current state: opened
Text:

Citing "RHSA-2004:091-01":

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.  When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines.  These routines can overflow a buffer if passed a very long URL.  If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110 to this issue.

Unfortunately, as of this writing, the CAN-Entry still shows reserved.
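
The bug class the advisory describes, seen from the defensive side, as an added example (this is not libxml2's code and is not taken from the ticket or the advisory): a URL splitter that writes into fixed-size buffers and rejects any component that does not fit. The names `parse_remote_url`, `struct url_parts` and the buffer sizes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Assumed buffer sizes, chosen only for this illustration. */
#define URL_HOST_MAX 64
#define URL_PATH_MAX 256

struct url_parts {
    char host[URL_HOST_MAX];
    char path[URL_PATH_MAX];
};

/* Copy src[0..len) into dst only if it fits together with its NUL byte.
 * An oversized component is rejected, never truncated or written past dst. */
static int copy_bounded(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "http://host/path" or "ftp://host/path" into fixed-size fields.
 * Returns 0 on success, -1 on bad input, unsupported scheme, empty host,
 * or a host/path longer than the destination buffer. */
int parse_remote_url(const char *url, struct url_parts *out)
{
    const char *p, *slash;
    size_t host_len;

    if (url == NULL || out == NULL)
        return -1;
    if (strncmp(url, "http://", 7) == 0)
        p = url + 7;
    else if (strncmp(url, "ftp://", 6) == 0)
        p = url + 6;
    else
        return -1;

    slash = strchr(p, '/');
    host_len = slash ? (size_t)(slash - p) : strlen(p);
    if (host_len == 0)
        return -1;
    if (copy_bounded(out->host, sizeof out->host, p, host_len) != 0)
        return -1;
    if (slash == NULL)                      /* no path given: default to "/" */
        return copy_bounded(out->path, sizeof out->path, "/", 1);
    return copy_bounded(out->path, sizeof out->path, slash, strlen(slash));
}
```

An application that lets outside input influence the URL can apply the same length check itself before handing the URL to an unpatched library.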




