CVE-2004-0989

libXML 2.6.12-2.6.13 - Buffer Overflow

Title source: llm

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sean · cremotelinux

https://www.exploit-db.com/exploits/24704

View Code ZIP pw:eip

References (22)

[Mailing List] http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

[Mailing List] http://marc.info/?l=bugtraq&m=109880813013482&w=2

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/p-029.shtml

[Third Party Advisory, VDB Entry] http://www.osvdb.org/11179

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1011941

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-615.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/11526

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17872

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-650.html

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890

[Third Party Advisory, VDB Entry] http://www.osvdb.org/11324

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2005_01_sr.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173

[Vendor Advisory] https://www.ubuntu.com/usn/usn-89-1/

[Third Party Advisory] http://secunia.com/advisories/13000

[Third Party Advisory] http://www.debian.org/security/2004/dsa-582

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17870

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17875

... and 2 more

Scores

EPSS 0.2427

EPSS Percentile 96.1%

Details

Status published

Products (15)

redhat/fedora_core core_2.0

trustix/secure_linux 2.0

trustix/secure_linux 2.1

ubuntu/ubuntu_linux 4.1 (2 CPE variants)

xmlsoft/libxml 1.8.17

xmlsoft/libxml2 2.5.11

xmlsoft/libxml2 2.6.6

xmlsoft/libxml2 2.6.7

xmlsoft/libxml2 2.6.8

xmlsoft/libxml2 2.6.9

... and 5 more

Published Mar 01, 2005

Tracked Since Feb 18, 2026