CVE-2004-0989
published 2005-03-01
CVE-2004-0989: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a…
Priority P3 · 52 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 21.69% (97.3th percentile)
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.6.11-5 (bookworm) | libxml2 2.6.11-5 (bookworm) |
| redhat | fedora_core | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| xmlsoft | libxml | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.6.11-5 | 2.6.11-5 |
| xmlsoft | libxml2 | >= 0 < 2.6.11-5 | 2.6.11-5 |
| xmlsoft | libxml2 | >= 0 < 2.6.11-5 | 2.6.11-5 |
| xmlsoft | libxml2 | >= 0 < 2.6.11-5 | 2.6.11-5 |
| xmlstarlet | command_line_xml_toolkit | — | — |
CVSS provenance
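| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |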
GHSA
GHSA-mpv4-c8cf-72rm: Multiple buffer overflows in libXML 2
ghsa_unreviewed·2022-04-29
CVE-2004-0989 [HIGH] GHSA-mpv4-c8cf-72rm: Multiple buffer overflows in libXML 2
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
OSV
CVE-2004-0989: Multiple buffer overflows in libXML 2
osv·2005-03-01·CVSS 10.0
CVE-2004-0989 [CRITICAL] CVE-2004-0989: Multiple buffer overflows in libXML 2
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Ubuntu
XML library vulnerabilities
vendor_ubuntu·2005-02-28
CVE-2004-0989 XML library vulnerabilities
Title: XML library vulnerabilities
Summary: XML library vulnerabilities
Several buffer overflows have been discovered in libxml's FTP
connection and DNS resolution functions. Supplying very long FTP URLs
or IP addresses might result in execution of arbitrary code with the
privileges of the process using libxml.
This does not affect the core XML parsing code, which is what the
majority of programs use this library for.
Note: The same vulnerability was already fixed for libxml2 in
USN-10-1.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxml2 various overflows
vendor_redhat·2004-10-26·CVSS 10.0
CVE-2004-0989 [CRITICAL] libxml2 various overflows
libxml2 various overflows
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Red Hat
security flaw
vendor_redhat·2004-01-14·CVSS 7.5
CVE-2003-0989 [HIGH] security flaw
security flaw
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
Red Hat
security flaw
vendor_redhat·2004-01-04·CVSS 7.5
CVE-2004-0057 [HIGH] security flaw
security flaw
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
Debian
CVE-2004-0989: libxml2 - Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly ot...
vendor_debian·2004·CVSS 10.0
CVE-2004-0989 [CRITICAL] CVE-2004-0989: libxml2 - Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly ot...
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Scope: local
bookworm: resolved (fixed in 2.6.11-5)
bullseye: resolved (fixed in 2.6.11-5)
forky: resolved (fixed in 2.6.11-5)
sid: resolved (fixed in 2.6.11-5)
trixie: resolved (fixed in 2.6.11-5)
Bugzilla
CVE-2003-0989 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2003-0989 [HIGH] CVE-2003-0989 security flaw
CVE-2003-0989 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
Bugzilla
CVE-2004-0057 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2004-0057 [HIGH] CVE-2004-0057 security flaw
CVE-2004-0057 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
Bugzilla
CVE-2004-0989 libxml2 various overflows
bugzilla·2008-01-29·CVSS 10.0
CVE-2004-0989 [CRITICAL] CVE-2004-0989 libxml2 various overflows
CVE-2004-0989 libxml2 various overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0989 to the following vulnerability:
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
htt
Bugzilla
CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)
bugzilla·2004-11-12
[MEDIUM] CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)
CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)
We missed these buffer overflows in libxml, which we fixed in libxml2.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
These issues also affect FC2
Discussion:
Fixed with release 2.6.15 (and 2.6.16-3 yesterday),
Daniel
---
Right, this issue is for libxml-1.8.17 though, not libxml2.
---
To clarify this (I've confused a few people).
We ship libxml2 and libxml1. We applied these fixes to libxml2 and released
updates.
We did not apply these to libxml1.
---
Testing comment.
---
The same fix for 139090 applies directly to FC2 and FC3 version
of libxml, as a result I pushed:
- libxml-1_8_17-10_1_2 to dist-fc2-updates-candidate
- libxml-1_8_17-12 t
References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=109880813013482&w=2
http://secunia.com/advisories/13000
http://securitytracker.com/id?1011941
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.securityfocus.com/bid/11526
https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
https://www.ubuntu.com/usn/usn-89-1/