CVE-2004-0989
NONE EPSS 97.3%
Published Mar 1, 200521y ago · Modified Jun 16, 20262w ago
Published Mar 1, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Threat Intelligence
EPSS Exploit Probability
97.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| xmlsoft | libxml | 1.8.17 | any |
| xmlsoft | libxml2 | 2.5.11 | any |
| xmlsoft | libxml2 | 2.6.6 | any |
| xmlsoft | libxml2 | 2.6.7 | any |
| xmlsoft | libxml2 | 2.6.8 | any |
| xmlsoft | libxml2 | 2.6.9 | any |
| xmlsoft | libxml2 | 2.6.11 | any |
| xmlsoft | libxml2 | 2.6.12 | any |
| xmlsoft | libxml2 | 2.6.13 | any |
| xmlsoft | libxml2 | 2.6.14 | any |
| xmlstarlet | command_line_xml_toolkit | 0.9.1 | any |
| redhat | fedora_core | core_2.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 22
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
- lists.apple.com http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
- marc.info http://marc.info/?l=bugtraq&m=109880813013482&w=2
- secunia.com http://secunia.com/advisories/13000
- securitytracker.com http://securitytracker.com/id?1011941
- ciac.org http://www.ciac.org/ciac/bulletins/p-029.shtml
- debian.org http://www.debian.org/security/2004/dsa-582
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
- novell.com http://www.novell.com/linux/security/advisories/2005_01_sr.html
- osvdb.org http://www.osvdb.org/11179
- osvdb.org http://www.osvdb.org/11180
- osvdb.org http://www.osvdb.org/11324
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-615.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-650.html
- securityfocus.com http://www.securityfocus.com/bid/11526
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17870
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17872
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17875
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17876
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173
- ubuntu.com https://www.ubuntu.com/usn/usn-89-1/
Remediation
- securityfocus.com http://www.securityfocus.com/bid/11526