Libxml2 xmlCurrentChar() denial of service

libxml2-xmlcurrentchar-dos (39610)

Low Risk

Description:

Libxml2 is vulnerable to a denial of service, caused by a failure to check for valid UTF-8 ent sequences by the xmlCurrentChar() function. By sending specially-crafted UTF-8 sequences, a remote attacker could cause the library to enter into an infinite loop, resulting in a denial of service.

Platforms Affected:

• Apple, iPhone 1.0
• Apple, iPhone 1.1.1
• Apple, iPhone 1.1.2
• Apple, iPhone 1.1.3
• Apple, iPhone 1.1.4
• Apple, iPod touch 1.1
• Apple, iPod touch 1.1.1
• Apple, iPod touch 1.1.2
• Apple, iPod touch 1.1.3
• Apple, iPod touch 1.1.4
• Canonical, Ubuntu 6.06 LTS
• Canonical, Ubuntu 6.10
• Canonical, Ubuntu 7.04
• Canonical, Ubuntu 7.10
• Debian, Debian Linux 3.1
• Debian, Debian Linux 4.0
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 2007
• MandrakeSoft, Mandrake Linux 2007 X86_64
• MandrakeSoft, Mandrake Linux 2007.1 X86_64
• MandrakeSoft, Mandrake Linux 2007.1
• MandrakeSoft, Mandrake Linux 2008.0
• MandrakeSoft, Mandrake Linux 2008.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 4.0
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 ES
• RedHat, Enterprise Linux 5
• RedHat, Enterprise Linux 5 Client
• RedHat, Enterprise Linux 5 Client Workstation
• RedHat, Linux Advanced Workstation 2.1 Itanium
• Sun, Solaris 10 SPARC
• Sun, Solaris 10 x86
• Sun, Solaris 9 SPARC
• Sun, Solaris 9 x86
• VideoLAN, VLC 0.8.6g
• VMware, ESX Server 2.5.4
• VMware, ESX Server 2.5.5
• XMLsoft, Libxml2 prior to 2.6.31

Remedy:

Upgrade to the latest version of Libxml2 (2.6.31 or later), available from the XMLsoft Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Denial of Service

References:

• Apple Web site, About the security content of iPhone v2.0 and iPod touch v2.0 at http://support.apple.com/kb/HT2351.
• BugTraq Mailing List, Fri Mar 28 2008 - 19:32:21 CDT, VMSA-2008-0006 Updated libxml2 service console package at http://archives.neohapsis.com/archives/bugtraq/2008-03/0434.html.
• Red Hat Bugzilla Bug 425927, CVE-2007-6284 libxml2: infinite loop in UTF-8 decoding at https://bugzilla.redhat.com/show_bug.cgi?id=425927.
• Sun Alert ID: 103201, Security Vulnerability in the libxml2 Library may Lead to a Denial of Service (DoS). at http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1.
• Sun Alert ID: 201514, Security Vulnerability in the libxml2 Library May Lead to a Denial of Service (DoS) at http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1.
• VideoLAN Web site, Changes between 0.8.6g and 0.8.6h at http://wiki.videolan.org/Changelog/0.8.6h.
• XMLsoft Web site, Libxml2 at http://www.xmlsoft.org/.
• ASA-2008-047: Security Vulnerability in the libxml2 Library may Lead to a Denial of Service (DoS). (Sun 103201)
• ASA-2008-050: libxml2 security update (RHSA-2008-0032)
• BID-27248: libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
• BID-30186: Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
• CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
• DSA-1461: libxml2 -- missing input validation
• GLSA-200801-20: libxml2: Denial of Service
• MDVSA-2008:010: Updated libxml2 packages fix DoS vulnerability
• RHSA-2008-0032: Important: libxml2 security update
• SA28444: Libxml2 UTF-8 Parsing Denial of Service Vulnerability
• SA28466: Sun Solaris Libxml2 UTF-8 Parsing Denial of Service
• SA28740: Avaya Products Libxml2 UTF-8 Parsing Denial of Service
• SA30560: VLC Media Player GnuTLS and Libxml2 Vulnerabilities
• SA31074: Apple iPhone / iPod touch Multiple Vulnerabilities
• SECTRACK ID: 1019181: Libxml2 UTF-8 Validation Flaw Lets Remote Users Deny Service
• SUSE-SR:2008:002: SUSE Security Summary Report
• USN-569-1: libxml2 vulnerability
• VUPEN/ADV-2008-0117: Libxml2 xmlCurrentChar() UTF-8 Parsing Denial of Service Vulnerability
• VUPEN/ADV-2008-0144: Sun Solaris Security Update Fixes Libxml2 Denial of Service Vulnerability
• VUPEN/ADV-2008-1033: VMware Security Update Fixes Libxml2 Denial of Service Vulnerability
• VUPEN/ADV-2008-1762: VLC Security Update Fixes GnuTLS and Libxml2 Vulnerabilities
• VUPEN/ADV-2008-2094: Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Reported:

Dec 17, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page