
Vulnerability of Apache Santuario XML Security: buffer overflow via large keys

Summary of the vulnerability

An attacker can use a large RSA key, in order to create a buffer overflow in C++ applications linked to Apache Santuario XML Security.
Vulnerable products: Apache XML Security for C++, Debian, Fedora.
Severity of this weakness: 3/4.
Creation date: 11/07/2011.
References of this bulletin: BID-48611, CERTA-2003-AVI-004, CVE-2011-2516, DSA-2277-1, FEDORA-2011-9494, FEDORA-2011-9501, VIGILANCE-VUL-10824.

Description of the vulnerability 

The W3C XMLDsig (XML Signature Syntax and Processing) recommendation indicates how to sign XML documents. The Apache Santuario XML Security library implements XMLDsig for programs written in C++ language.

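The DSIGAlgorithmHandlerDefault::signToSafeBuffer() and OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature() methods create and verify signatures. However, these methods use a fixed-size array of 1024 bytes (8192 bits). The result of an RSA operation is as long as the key modulus, so it no longer fits in this array when the key is larger than 8192 bits.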

An attacker can therefore use a large RSA key to create a buffer overflow in C++ applications linked to Apache Santuario XML Security. For example, if the application checks signatures with a key larger than 8192 bits, the attacker can stop it (denial of service) or execute code.
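
The bounds check that the pattern described above lacks, as an added C example (not code from this bulletin, from Apache Santuario or from its patch). `fake_rsa_public_op` is a hypothetical stand-in for the RSA primitive, and the function names and the 16384-bit policy cap are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FIXED_BUF_BYTES 1024 /* fixed array size named in the bulletin */

/* A raw RSA operation yields as many bytes as the key modulus is long. */
static size_t rsa_modulus_bytes(unsigned key_bits) {
    return ((size_t)key_bits + 7) / 8;
}

/* Hypothetical stand-in for the RSA primitive: writes modulus-size bytes
 * to `out` and trusts the caller to have provided that much room. */
static size_t fake_rsa_public_op(unsigned key_bits, unsigned char *out) {
    size_t n = rsa_modulus_bytes(key_bits);
    memset(out, 0xA5, n); /* constructed placeholder output */
    return n;
}

/* Option 1: keep the fixed array, refuse keys whose output cannot fit.
 * Returns the number of bytes produced, or -1 if the key is rejected. */
int verify_fixed_buffer(unsigned key_bits) {
    unsigned char buf[FIXED_BUF_BYTES];
    if (key_bits == 0 || rsa_modulus_bytes(key_bits) > sizeof buf)
        return -1; /* check happens before the primitive touches buf */
    return (int)fake_rsa_public_op(key_bits, buf);
}

/* Option 2: size the buffer from the key, under an explicit policy cap
 * so an oversized key cannot force a huge allocation either. */
int verify_sized_buffer(unsigned key_bits, unsigned max_bits) {
    if (key_bits == 0 || key_bits > max_bits)
        return -1;
    unsigned char *buf = malloc(rsa_modulus_bytes(key_bits));
    if (buf == NULL)
        return -1;
    int n = (int)fake_rsa_public_op(key_bits, buf);
    free(buf);
    return n;
}

int main(void) {
    unsigned sizes[] = {2048, 8192, 8193, 16384};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%5u bits: fixed=%d sized(cap 16384)=%d\n", sizes[i],
               verify_fixed_buffer(sizes[i]),
               verify_sized_buffer(sizes[i], 16384));
    return 0;
}
```

An 8192-bit key is the largest that fits the 1024-byte array; one more bit of modulus needs 1025 bytes and must be rejected or given a larger buffer.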

This vulnerability alert impacts software or systems such as Apache XML Security for C++, Debian, Fedora.

Our Vigil@nce team rated the severity of this vulnerability as important.

Trust level: confirmed by the editor; origin: document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat 

Apache Santuario XML Security: version 1.6.1.
Version 1.6.1 is fixed:
  http://santuario.apache.org/

Apache Santuario XML Security: patch for large keys.
A patch is available in information sources.

Debian: new xml-security-c packages.
New packages are available:
  xml-security-c 1.4.0-3+lenny3
  xml-security-c 1.5.1-3+squeeze1

Fedora: new xml-security-c packages.
New packages are available:
  xml-security-c-1.5.1-4.fc14
  xml-security-c-1.5.1-5.fc15