CVE-2004-0989: Buffer Overflow
First published: Thu Oct 28 2004(Updated: )
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libxml2 | =1.8.17 | |
| Gnome Libxml2 | =2.5.11 | |
| Gnome Libxml2 | =2.6.6 | |
| Gnome Libxml2 | =2.6.7 | |
| Gnome Libxml2 | =2.6.8 | |
| Gnome Libxml2 | =2.6.9 | |
| Gnome Libxml2 | =2.6.11 | |
| Gnome Libxml2 | =2.6.12 | |
| Gnome Libxml2 | =2.6.13 | |
| Gnome Libxml2 | =2.6.14 | |
| XMLStarlet Command Line XML Toolkit | =0.9.1 | |
| Red Hat Fedora Core | =core_2.0 | |
| Trustix Secure Linux | =2.0 | |
| Trustix Secure Linux | =2.1 | |
| Ubuntu Linux | =4.1 | |
| Ubuntu Linux | =4.1 | |
| libxml2 | =2.6.11 | |
| libxml2 | =2.6.13 | |
| libxml2 | =2.6.7 | |
| libxml2 | =2.6.14 | |
| libxml2 | =2.6.8 | |
| libxml2 | =2.5.11 | |
| Libxml2 | =1.8.17 | |
| libxml2 | =2.6.12 | |
| libxml2 | =2.6.9 | |
| libxml2 | =2.6.6 | |
| Ubuntu | =4.1 | |
| Ubuntu | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11526
- http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
- http://www.debian.org/security/2004/dsa-582
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
- http://www.redhat.com/support/errata/RHSA-2004-615.html
- http://www.redhat.com/support/errata/RHSA-2004-650.html
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
- http://www.ciac.org/ciac/bulletins/p-029.shtml
- http://www.osvdb.org/11179
- http://www.osvdb.org/11180
- http://www.osvdb.org/11324
- http://securitytracker.com/id?1011941
- http://secunia.com/advisories/13000
- http://marc.info/?l=bugtraq&m=109880813013482&w=2
- https://www.ubuntu.com/usn/usn-89-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
Frequently Asked Questions
What is the severity of CVE-2004-0989?
CVE-2004-0989 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2004-0989?
To remediate CVE-2004-0989, upgrade libXML to version 2.6.14 or later, where this vulnerability is patched.
Which software versions are affected by CVE-2004-0989?
Affected versions include libXML 2.6.12, 2.6.13, and earlier versions up to 2.6.11.
What type of vulnerability is CVE-2004-0989?
CVE-2004-0989 is identified as a buffer overflow vulnerability.
Can CVE-2004-0989 affect my system remotely?
Yes, CVE-2004-0989 can be exploited by remote attackers to execute arbitrary code on the vulnerable system.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/xmlsoft
- product/libxml2
- canonical/xmlsoft libxml2
- vendor/xmlstarlet
- product/command line xml toolkit
- canonical/xmlstarlet command line xml toolkit
- product/libxml
- canonical/xmlsoft libxml
- vendor/redhat
- product/fedora core
- canonical/redhat fedora core
- vendor/trustix
- product/secure linux
- canonical/trustix secure linux
- vendor/ubuntu
- product/ubuntu linux
- canonical/ubuntu ubuntu linux
- canonical/libxml2
- version/libxml2/1.8.17
- canonical/gnome libxml2
- version/gnome libxml2/2.5.11
- version/gnome libxml2/2.6.6
- version/gnome libxml2/2.6.7
- version/gnome libxml2/2.6.8
- version/gnome libxml2/2.6.9
- version/gnome libxml2/2.6.11
- version/gnome libxml2/2.6.12
- version/gnome libxml2/2.6.13
- version/gnome libxml2/2.6.14
- version/xmlstarlet command line xml toolkit/0.9.1
- canonical/red hat fedora core
- version/red hat fedora core/core_2.0
- version/trustix secure linux/2.0
- version/trustix secure linux/2.1
- canonical/ubuntu linux
- version/ubuntu linux/4.1
- version/libxml2/2.6.11
- version/libxml2/2.6.13
- version/libxml2/2.6.7
- version/libxml2/2.6.14
- version/libxml2/2.6.8
- version/libxml2/2.5.11
- version/libxml2/2.6.12
- version/libxml2/2.6.9
- version/libxml2/2.6.6
- canonical/ubuntu
- version/ubuntu/4.1