CVE-2004-0110

SGI Propack - Buffer Overflow

Title source: rule

Description

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by infamous41md · clocallinux

https://www.exploit-db.com/exploits/601

View Code ZIP pw:eip

References (18)

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-091.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11626

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A875

[Mailing List] http://marc.info/?l=bugtraq&m=107851606605420&w=2

[Patch, Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2004-090.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15302

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/9718

[Third Party Advisory] http://www.debian.org/security/2004/dsa-455

[Various Sources] http://www.xmlsoft.org/news.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-650.html

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-086.shtml

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A833

[Third Party Advisory] http://secunia.com/advisories/10958/

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2005_01_sr.html

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200403-01.xml

[US Government Resource] http://www.kb.cert.org/vuls/id/493966

[Mailing List] http://marc.info/?l=bugtraq&m=107860178228804&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15301

Scores

EPSS 0.4134

EPSS Percentile 97.4%

Details

Status published

Products (14)

sgi/propack 2.3

sgi/propack 2.4

xmlsoft/libxml 1.8.17

xmlsoft/libxml2 2.4.19

xmlsoft/libxml2 2.4.23

xmlsoft/libxml2 2.5.4

xmlsoft/libxml2 2.5.10

xmlsoft/libxml2 2.5.11

xmlsoft/libxml2 2.6.0

xmlsoft/libxml2 2.6.1

... and 4 more

Published Mar 15, 2004

Tracked Since Feb 18, 2026