Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2011-1944

libxml2: memory corruption via XPath

Synthesis of the vulnerability

An attacker can use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, NSM Central Manager, NSMXpress, libxml2, Mandriva Corporate, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 31/05/2011.
Identifiers: BID-48056, CERTA-2012-AVI-387, CERTA-2012-AVI-479, CERTA-2012-AVI-673, CVE-2011-1944, DSA 2255-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESXi400-201209001, ESXi400-201209401-SG, ESXi410-201208101-SG, ESXi500-201207001, ESXi500-201207101-SG, FEDORA-2011-7820, FEDORA-2011-7856, FEDORA-2012-13820, FEDORA-2012-13824, MDVSA-2011:131, MDVSA-2011:131-1, openSUSE-SU-2011:0839-1, PSN-2012-11-767, RHSA-2011:1749-03, RHSA-2012:0017-01, RHSA-2013:0217-01, SUSE-SU-2011:0838-1, VIGILANCE-VUL-10696, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0012, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The XPath language is used to select XML nodes.

The libxml2 library creates XML documents and manages attributes in dada structure.

The function XmlXPathNodeSetAddNs() permits to add nodes in the current analysed structure. However, if the xpath expression is type of: "//@*/ preceding:: node ()/ancestor::node()/ancestor::foo['foo']", the function xmlXPathNodeSetAddNs() then double the value of cur->nodeMax without a memory reallocation, causing a memory corruption.

An attacker can therefore use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.



















Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française