CVE-2011-1425
First published: Wed Mar 30 2011(Updated: )
Nicolas Grégoire discovered that xmlsec1 can create a file with attacker-specified path name and content when xmlsec1 is used to verify a signature of a specially-crafted XML file specifying XSLT transformation. This may be used to create or overwrite arbitrary file writeable to the user running xmlsec1. This issue was addressed upstream via following commit, which disables XSLT read/write by default: <a href="http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa">http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa</a> Acknowledgements: Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/xmlsec1 | <1.2.17 | 1.2.17 |
| Aleksey XML Security Library | <=1.2.16 | |
| Aleksey XML Security Library | =0.0.3 | |
| Aleksey XML Security Library | =1.2.10 | |
| Aleksey XML Security Library | =0.0.2a | |
| Aleksey XML Security Library | =0.0.5 | |
| Aleksey XML Security Library | =0.0.9 | |
| Aleksey XML Security Library | =1.2.13 | |
| Aleksey XML Security Library | =1.2.9 | |
| Aleksey XML Security Library | =1.2.14 | |
| Aleksey XML Security Library | =1.0.3 | |
| Aleksey XML Security Library | =1.2.8 | |
| Aleksey XML Security Library | =0.0.13 | |
| Aleksey XML Security Library | =0.1.1 | |
| Aleksey XML Security Library | =1.0.2 | |
| Aleksey XML Security Library | =0.0.2 | |
| Aleksey XML Security Library | =1.2.2 | |
| Aleksey XML Security Library | =1.1.1 | |
| Aleksey XML Security Library | =1.0.0-rc1 | |
| Aleksey XML Security Library | =0.0.12 | |
| Aleksey XML Security Library | =0.0.14 | |
| Aleksey XML Security Library | =0.0.10 | |
| Aleksey XML Security Library | =1.2.4 | |
| Aleksey XML Security Library | =1.0.1 | |
| Aleksey XML Security Library | =0.0.7 | |
| Aleksey XML Security Library | =0.0.6 | |
| Aleksey XML Security Library | =1.2.1 | |
| Aleksey XML Security Library | =1.2.7 | |
| Aleksey XML Security Library | =0.0.15 | |
| Aleksey XML Security Library | =1.2.11 | |
| Aleksey XML Security Library | =1.0.4 | |
| Aleksey XML Security Library | =1.2.5 | |
| Aleksey XML Security Library | =1.1.0 | |
| Aleksey XML Security Library | =1.2.3 | |
| Aleksey XML Security Library | =1.1.2 | |
| Aleksey XML Security Library | =1.2.6 | |
| Aleksey XML Security Library | =0.1.0 | |
| Aleksey XML Security Library | =1.2.15 | |
| Aleksey XML Security Library | =1.2.0 | |
| Aleksey XML Security Library | =1.0.0 | |
| Aleksey XML Security Library | =0.0.11 | |
| Aleksey XML Security Library | =0.0.4 | |
| Apple WebKit | ||
| Aleksey XML Security Library | =0.0.1 | |
| Aleksey XML Security Library | =0.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
- http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
- http://secunia.com/advisories/43920
- https://bugs.webkit.org/show_bug.cgi?id=52688
- http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
- http://trac.webkit.org/changeset/79159
- https://bugzilla.redhat.com/show_bug.cgi?id=692133
- http://www.debian.org/security/2011/dsa-2219
- http://secunia.com/advisories/44167
- http://www.vupen.com/english/advisories/2011/1010
- http://secunia.com/advisories/44423
- http://www.redhat.com/support/errata/RHSA-2011-0486.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
- http://www.vupen.com/english/advisories/2011/1172
- http://www.securitytracker.com/id?1025284
- http://www.vupen.com/english/advisories/2011/0855
- http://www.vupen.com/english/advisories/2011/0858
- http://www.securityfocus.com/bid/47135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692792
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692793
- https://rhn.redhat.com/errata/RHSA-2011-0486.html
Frequently Asked Questions
What is the severity of CVE-2011-1425?
CVE-2011-1425 is considered a high severity vulnerability due to its potential for arbitrary file overwrite.
How do I fix CVE-2011-1425?
To fix CVE-2011-1425, upgrade to xmlsec1 version 1.2.17 or later.
Which software is affected by CVE-2011-1425?
CVE-2011-1425 affects xmlsec1 versions prior to 1.2.17 and various versions of the Aleksey XML Security Library.
Can CVE-2011-1425 be exploited remotely?
Yes, CVE-2011-1425 can potentially be exploited remotely through specially-crafted XML files.
What are the potential impacts of CVE-2011-1425?
Exploitation of CVE-2011-1425 may lead to unauthorized file creation or modification on the affected system.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1425
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/aleksey
- canonical/aleksey xml security library
- version/aleksey xml security library/1.2.16
- version/aleksey xml security library/0.0.3
- version/aleksey xml security library/1.2.10
- version/aleksey xml security library/0.0.2a
- version/aleksey xml security library/0.0.5
- version/aleksey xml security library/0.0.9
- version/aleksey xml security library/1.2.13
- version/aleksey xml security library/1.2.9
- version/aleksey xml security library/1.2.14
- version/aleksey xml security library/1.0.3
- version/aleksey xml security library/1.2.8
- version/aleksey xml security library/0.0.13
- version/aleksey xml security library/0.1.1
- version/aleksey xml security library/1.0.2
- version/aleksey xml security library/0.0.2
- version/aleksey xml security library/1.2.2
- version/aleksey xml security library/1.1.1
- version/aleksey xml security library/1.0.0-rc1
- version/aleksey xml security library/0.0.12
- version/aleksey xml security library/0.0.14
- version/aleksey xml security library/0.0.10
- version/aleksey xml security library/1.2.4
- version/aleksey xml security library/1.0.1
- version/aleksey xml security library/0.0.7
- version/aleksey xml security library/0.0.6
- version/aleksey xml security library/1.2.1
- version/aleksey xml security library/1.2.7
- version/aleksey xml security library/0.0.15
- version/aleksey xml security library/1.2.11
- version/aleksey xml security library/1.0.4
- version/aleksey xml security library/1.2.5
- version/aleksey xml security library/1.1.0
- version/aleksey xml security library/1.2.3
- version/aleksey xml security library/1.1.2
- version/aleksey xml security library/1.2.6
- version/aleksey xml security library/0.1.0
- version/aleksey xml security library/1.2.15
- version/aleksey xml security library/1.2.0
- version/aleksey xml security library/1.0.0
- version/aleksey xml security library/0.0.11
- version/aleksey xml security library/0.0.4
- vendor/apple
- canonical/apple webkit
- version/aleksey xml security library/0.0.1
- version/aleksey xml security library/0.0.8