The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert CVE-2011-1944

libxml2: memory corruption via XPath

Synthesis of the vulnerability

An attacker can use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, Juniper J-Series, JUNOS, NSM Central Manager, NSMXpress, libxml, Mandriva Corporate, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 31/05/2011.
Identifiers: BID-48056, CERTA-2012-AVI-387, CERTA-2012-AVI-479, CERTA-2012-AVI-673, CERTFR-2015-AVI-023, CVE-2011-1944, DSA-2255-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESXi400-201209001, ESXi400-201209401-SG, ESXi410-201208101-SG, ESXi500-201207001, ESXi500-201207101-SG, FEDORA-2011-7820, FEDORA-2011-7856, FEDORA-2012-13820, FEDORA-2012-13824, JSA10669, MDVSA-2011:131, MDVSA-2011:131-1, openSUSE-SU-2011:0839-1, PSN-2012-11-767, RHSA-2011:1749-03, RHSA-2012:0017-01, RHSA-2013:0217-01, SUSE-SU-2011:0838-1, VIGILANCE-VUL-10696, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0012, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The XPath language is used to select XML nodes.

The libxml2 library creates XML documents and manages attributes in dada structure.

The function XmlXPathNodeSetAddNs() permits to add nodes in the current analysed structure. However, if the xpath expression is type of: "//@*/ preceding:: node ()/ancestor::node()/ancestor::foo['foo']", the function xmlXPathNodeSetAddNs() then double the value of cur->nodeMax without a memory reallocation, causing a memory corruption.

An attacker can therefore use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code.
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.