Rapid7 VulnDB

SUSE Linux Security Advisory: SUSE-SA:2004:040

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/01/2005
Created: 07/25/2018
Added: 12/12/2013
Modified: 07/04/2017

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Solution(s)

  • suse-upgrade-art-sharp
  • suse-upgrade-audit
  • suse-upgrade-audit-devel
  • suse-upgrade-audit-libs
  • suse-upgrade-audit-libs-32bit
  • suse-upgrade-audit-libs-64bit
  • suse-upgrade-audit-libs-python
  • suse-upgrade-audit-libs-x86
  • suse-upgrade-beagle
  • suse-upgrade-beagle-evolution
  • suse-upgrade-beagle-firefox
  • suse-upgrade-beagle-gui
  • suse-upgrade-cifs-mount
  • suse-upgrade-compiz
  • suse-upgrade-contact-lookup-applet
  • suse-upgrade-dhcp
  • suse-upgrade-dhcp-client
  • suse-upgrade-dhcp-devel
  • suse-upgrade-dhcp-relay
  • suse-upgrade-dhcp-server
  • suse-upgrade-dia
  • suse-upgrade-evolution
  • suse-upgrade-evolution-devel
  • suse-upgrade-evolution-exchange
  • suse-upgrade-evolution-pilot
  • suse-upgrade-evolution-webcal
  • suse-upgrade-f-spot
  • suse-upgrade-gaim
  • suse-upgrade-gaim-devel
  • suse-upgrade-gconf-sharp
  • suse-upgrade-gda-sharp
  • suse-upgrade-gdb
  • suse-upgrade-gdb-32bit
  • suse-upgrade-gdb-64bit
  • suse-upgrade-gdb-x86
  • suse-upgrade-gftp
  • suse-upgrade-glade-sharp
  • suse-upgrade-glib-sharp
  • suse-upgrade-glib2
  • suse-upgrade-glib2-32bit
  • suse-upgrade-glib2-64bit
  • suse-upgrade-glib2-devel
  • suse-upgrade-glib2-doc
  • suse-upgrade-glib2-x86
  • suse-upgrade-gnome-backgrounds
  • suse-upgrade-gnome-filesystem
  • suse-upgrade-gnome-games
  • suse-upgrade-gnome-sharp
  • suse-upgrade-gnomedb-sharp
  • suse-upgrade-gnopernicus
  • suse-upgrade-gnopernicus-devel
  • suse-upgrade-gstreamer010-plugins-base
  • suse-upgrade-gstreamer010-plugins-base-32bit
  • suse-upgrade-gstreamer010-plugins-base-64bit
  • suse-upgrade-gstreamer010-plugins-base-devel
  • suse-upgrade-gstreamer010-plugins-base-doc
  • suse-upgrade-gstreamer010-plugins-base-oil
  • suse-upgrade-gstreamer010-plugins-base-oil-32bit
  • suse-upgrade-gstreamer010-plugins-base-visual
  • suse-upgrade-gstreamer010-plugins-base-visual-32bit
  • suse-upgrade-gstreamer010-plugins-base-x86
  • suse-upgrade-gtk-sharp
  • suse-upgrade-gtk-sharp-32bit
  • suse-upgrade-gtk-sharp-complete
  • suse-upgrade-gtk-sharp-gapi
  • suse-upgrade-gtkhtml-sharp
  • suse-upgrade-helix-dbus-server
  • suse-upgrade-inkscape
  • suse-upgrade-libbeagle
  • suse-upgrade-libbeagle-32bit
  • suse-upgrade-libbeagle-64bit
  • suse-upgrade-libbeagle-devel
  • suse-upgrade-libbeagle-x86
  • suse-upgrade-libgail-gnome
  • suse-upgrade-libgail-gnome-devel
  • suse-upgrade-libgdiplus
  • suse-upgrade-libipoddevice
  • suse-upgrade-libipoddevice-32bit
  • suse-upgrade-libmsrpc
  • suse-upgrade-libmsrpc-devel
  • suse-upgrade-libsmbclient
  • suse-upgrade-libsmbclient-32bit
  • suse-upgrade-libsmbclient-64bit
  • suse-upgrade-libsmbclient-devel
  • suse-upgrade-libsmbclient-x86
  • suse-upgrade-libtool
  • suse-upgrade-libtool-32bit
  • suse-upgrade-libtool-64bit
  • suse-upgrade-libtool-x86
  • suse-upgrade-linphone
  • suse-upgrade-linphone-applet
  • suse-upgrade-networkmanager
  • suse-upgrade-networkmanager-devel
  • suse-upgrade-networkmanager-glib
  • suse-upgrade-networkmanager-gnome
  • suse-upgrade-networkmanager-openvpn
  • suse-upgrade-networkmanager-vpnc
  • suse-upgrade-openobex
  • suse-upgrade-openobex-devel
  • suse-upgrade-planner
  • suse-upgrade-planner-devel
  • suse-upgrade-pwlib
  • suse-upgrade-pwlib-devel
  • suse-upgrade-resapplet
  • suse-upgrade-rsvg-sharp
  • suse-upgrade-sabayon
  • suse-upgrade-sabayon-admin
  • suse-upgrade-samba
  • suse-upgrade-samba-32bit
  • suse-upgrade-samba-64bit
  • suse-upgrade-samba-client
  • suse-upgrade-samba-client-32bit
  • suse-upgrade-samba-client-64bit
  • suse-upgrade-samba-client-x86
  • suse-upgrade-samba-doc
  • suse-upgrade-samba-krb-printing
  • suse-upgrade-samba-pdb
  • suse-upgrade-samba-python
  • suse-upgrade-samba-vscan
  • suse-upgrade-samba-winbind
  • suse-upgrade-samba-winbind-32bit
  • suse-upgrade-samba-winbind-64bit
  • suse-upgrade-samba-winbind-x86
  • suse-upgrade-samba-x86
  • suse-upgrade-tomboy
  • suse-upgrade-vte-sharp
  • suse-upgrade-wbxml2
  • suse-upgrade-xgl
  • suse-upgrade-xgl-hardware-list

