Lucene search
This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2011-1749.NASLHistoryDec 06, 2011 - 12:00 a.m.
RHEL 6 : libxml2 (RHSA-2011:1749)
2011-12-0600:00:00
This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1749 advisory.
-
libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis (CVE-2010-4008)
-
libxml2: double-free in XPath processing code (CVE-2010-4494)
-
libxml2: Off-by-one error leading to heap-based buffer overflow in encoding (CVE-2011-0216)
-
libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets (CVE-2011-1944)
-
libxml2: double free caused by malformed XPath expression in XSLT (CVE-2011-2821)
-
libxml2: double-free caused by malformed XPath expression in XSLT (CVE-2011-2834)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:1749. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57022);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id(
"CVE-2010-4008",
"CVE-2010-4494",
"CVE-2011-0216",
"CVE-2011-1944",
"CVE-2011-2821",
"CVE-2011-2834"
);
script_bugtraq_id(
44779,
45617,
48056,
48832,
49279,
49658
);
script_xref(name:"RHSA", value:"2011:1749");
script_name(english:"RHEL 6 : libxml2 (RHSA-2011:1749)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for libxml2.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2011:1749 advisory.
- libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
(CVE-2010-4008)
- libxml2: double-free in XPath processing code (CVE-2010-4494)
- libxml2: Off-by-one error leading to heap-based buffer overflow in encoding (CVE-2011-0216)
- libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging
nodesets (CVE-2011-1944)
- libxml2: double free caused by malformed XPath expression in XSLT (CVE-2011-2821)
- libxml2: double-free caused by malformed XPath expression in XSLT (CVE-2011-2834)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2011/rhsa-2011_1749.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ed187da9");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#low");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=645341");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=665963");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=709747");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=724906");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=732335");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=735712");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=735751");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:1749");
script_set_attribute(attribute:"solution", value:
"Update the RHEL libxml2 package based on the guidance in RHSA-2011:1749.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-1944");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2011-2834");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(122, 476, 672);
script_set_attribute(attribute:"vendor_severity", value:"Low");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/client/6/6Client/i386/debug',
'content/dist/rhel/client/6/6Client/i386/optional/debug',
'content/dist/rhel/client/6/6Client/i386/optional/os',
'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',
'content/dist/rhel/client/6/6Client/i386/os',
'content/dist/rhel/client/6/6Client/i386/source/SRPMS',
'content/dist/rhel/client/6/6Client/x86_64/debug',
'content/dist/rhel/client/6/6Client/x86_64/optional/debug',
'content/dist/rhel/client/6/6Client/x86_64/optional/os',
'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/6/6Client/x86_64/os',
'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',
'content/dist/rhel/power/6/6Server/ppc64/debug',
'content/dist/rhel/power/6/6Server/ppc64/optional/debug',
'content/dist/rhel/power/6/6Server/ppc64/optional/os',
'content/dist/rhel/power/6/6Server/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/6/6Server/ppc64/os',
'content/dist/rhel/power/6/6Server/ppc64/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/debug',
'content/dist/rhel/server/6/6Server/i386/highavailability/debug',
'content/dist/rhel/server/6/6Server/i386/highavailability/os',
'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/optional/debug',
'content/dist/rhel/server/6/6Server/i386/optional/os',
'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/os',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/debug',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/optional/debug',
'content/dist/rhel/server/6/6Server/x86_64/optional/os',
'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/os',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/debug',
'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',
'content/dist/rhel/system-z/6/6Server/s390x/optional/os',
'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/os',
'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/i386/debug',
'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',
'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',
'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/i386/os',
'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',
'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',
'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',
'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/x86_64/os',
'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',
'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',
'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',
'content/fastrack/rhel/client/6/i386/debug',
'content/fastrack/rhel/client/6/i386/optional/debug',
'content/fastrack/rhel/client/6/i386/optional/os',
'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',
'content/fastrack/rhel/client/6/i386/os',
'content/fastrack/rhel/client/6/i386/source/SRPMS',
'content/fastrack/rhel/client/6/x86_64/debug',
'content/fastrack/rhel/client/6/x86_64/optional/debug',
'content/fastrack/rhel/client/6/x86_64/optional/os',
'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/client/6/x86_64/os',
'content/fastrack/rhel/client/6/x86_64/source/SRPMS',
'content/fastrack/rhel/computenode/6/x86_64/debug',
'content/fastrack/rhel/computenode/6/x86_64/optional/debug',
'content/fastrack/rhel/computenode/6/x86_64/optional/os',
'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/computenode/6/x86_64/os',
'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',
'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',
'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',
'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',
'content/fastrack/rhel/power/6/ppc64/debug',
'content/fastrack/rhel/power/6/ppc64/optional/debug',
'content/fastrack/rhel/power/6/ppc64/optional/os',
'content/fastrack/rhel/power/6/ppc64/optional/source/SRPMS',
'content/fastrack/rhel/power/6/ppc64/os',
'content/fastrack/rhel/power/6/ppc64/source/SRPMS',
'content/fastrack/rhel/server/6/i386/debug',
'content/fastrack/rhel/server/6/i386/highavailability/debug',
'content/fastrack/rhel/server/6/i386/highavailability/os',
'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',
'content/fastrack/rhel/server/6/i386/loadbalancer/debug',
'content/fastrack/rhel/server/6/i386/loadbalancer/os',
'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',
'content/fastrack/rhel/server/6/i386/optional/debug',
'content/fastrack/rhel/server/6/i386/optional/os',
'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',
'content/fastrack/rhel/server/6/i386/os',
'content/fastrack/rhel/server/6/i386/resilientstorage/debug',
'content/fastrack/rhel/server/6/i386/resilientstorage/os',
'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/6/i386/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/debug',
'content/fastrack/rhel/server/6/x86_64/highavailability/debug',
'content/fastrack/rhel/server/6/x86_64/highavailability/os',
'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/optional/debug',
'content/fastrack/rhel/server/6/x86_64/optional/os',
'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/os',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/6/s390x/debug',
'content/fastrack/rhel/system-z/6/s390x/optional/debug',
'content/fastrack/rhel/system-z/6/s390x/optional/os',
'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',
'content/fastrack/rhel/system-z/6/s390x/os',
'content/fastrack/rhel/system-z/6/s390x/source/SRPMS',
'content/fastrack/rhel/workstation/6/i386/debug',
'content/fastrack/rhel/workstation/6/i386/optional/debug',
'content/fastrack/rhel/workstation/6/i386/optional/os',
'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',
'content/fastrack/rhel/workstation/6/i386/os',
'content/fastrack/rhel/workstation/6/i386/source/SRPMS',
'content/fastrack/rhel/workstation/6/x86_64/debug',
'content/fastrack/rhel/workstation/6/x86_64/optional/debug',
'content/fastrack/rhel/workstation/6/x86_64/optional/os',
'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/workstation/6/x86_64/os',
'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',
'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',
'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',
'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.7.6-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.7.6-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.7.6-4.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.7.6-4.el6', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.7.6-4.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.7.6-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.7.6-4.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.7.6-4.el6', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.7.6-4.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.7.6-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / libxml2-static');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | libxml2 | p-cpe:/a:redhat:enterprise_linux:libxml2 |
| redhat | enterprise_linux | libxml2-devel | p-cpe:/a:redhat:enterprise_linux:libxml2-devel |
| redhat | enterprise_linux | libxml2-python | p-cpe:/a:redhat:enterprise_linux:libxml2-python |
| redhat | enterprise_linux | libxml2-static | p-cpe:/a:redhat:enterprise_linux:libxml2-static |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
www.nessus.org/u?ed187da9
access.redhat.com/errata/RHSA-2011:1749
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=645341
bugzilla.redhat.com/show_bug.cgi?id=665963
bugzilla.redhat.com/show_bug.cgi?id=709747
bugzilla.redhat.com/show_bug.cgi?id=724906
bugzilla.redhat.com/show_bug.cgi?id=732335
bugzilla.redhat.com/show_bug.cgi?id=735712
bugzilla.redhat.com/show_bug.cgi?id=735751
Related
oraclelinux
oraclelinux
libxml2 security and bug fix update
2011-12-14 00:00:00
libxml2 security update
2012-01-11 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
nessus
nessus
Oracle Linux 6 : libxml2 (ELSA-2011-1749)
2023-09-07 00:00:00
Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64
2012-08-01 00:00:00
GLSA-201110-26 : libxml2: Multiple vulnerabilities
2011-10-27 00:00:00
redhat
redhat
(RHSA-2011:1749) Low: libxml2 security and bug fix update
2011-12-06 00:00:00
(RHSA-2012:0017) Important: libxml2 security update
2012-01-11 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-1749)
2015-10-06 00:00:00
RedHat Update for libxml2 RHSA-2011:1749-03
2012-07-09 00:00:00
Gentoo Security Advisory GLSA 201110-26 (libxml2)
2012-02-12 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
vmware
vmware
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESX updates to ESX Service Console
2012-04-26 00:00:00
securityvulns
securityvulns
libxml2 memory corruption
2011-10-16 00:00:00
[SECURITY] [DSA 2137-1] Security update for libxml2
2010-12-28 00:00:00
libxml double free vulnerability
2010-12-28 00:00:00
centos
centos
mingw32 security update
2013-02-01 00:53:30
libxml2 security update
2012-01-11 19:19:14
libxml2 security update
2012-01-11 18:47:59
osv
osv
libxml2 - several
2012-01-27 00:00:00
libxml2 - several vulnerabilities
2010-12-26 00:00:00
libxml2 - potential code execution
2010-12-01 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2012-01-19 00:00:00
libxml2 vulnerability
2011-06-16 00:00:00
libxml2 vulnerability
2010-11-10 00:00:00
debian
debian
[SECURITY] [DSA 2394-1] libxml2 security update
2012-01-26 22:46:37
[SECURITY] [DSA 2137-1] Security update for libxml2
2010-12-26 15:46:41
[SECURITY] [DSA-2128-1] New libxml2 packages fix potential code execution
2010-12-01 20:15:40
fedora
fedora
[SECURITY] Fedora 16 Update: libxml2-2.7.8-8.fc16
2012-09-27 04:35:19
[SECURITY] Fedora 17 Update: libxml2-2.7.8-9.fc17
2012-09-26 08:56:06
[SECURITY] Fedora 13 Update: libxml2-2.7.7-2.fc13
2011-04-14 20:57:28
altlinux
altlinux
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.8-alt3
2010-12-27 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.7.8-alt3
2010-12-27 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.7.8-alt3
2010-12-27 00:00:00
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:52:18
Denial Of Service (DoS)
2019-05-02 04:52:19
Denial Of Service (DoS) Through Double Free
2019-05-02 04:52:19
cve
cve
debiancve
debiancve
cvelist
cvelist
f5
f5
K51182024 : libxml2 2.7.8 vulnerability CVE-2010-4494
2020-06-17 00:00:00
ubuntucve
ubuntucve
prion
prion
Double free
2010-12-07 21:00:00
Integer overflow
2011-09-02 16:55:00
Design/Logic Flaw
2010-11-17 01:00:00
seebug
seebug
Apple Safari "libxml"远程代码执行漏洞
2011-12-08 00:00:00
freebsd
freebsd
libxml -- Integer overflow
2011-09-02 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%
Related for REDHAT-RHSA-2011-1749.NASL