CVE-2004-0989

CVE	CVE-2004-0989
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-03-01 05:00:00 UTC
Updated	2017-10-11 01:29:00 UTC
Description	Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Problem Types: NVD-CWE-Other

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Redhat	Fedora Core	core_2.0	All	All	All
Operating System	Redhat	Fedora Core	core_2.0	All	All	All
Operating System	Trustix	Secure Linux	2.0	All	All	All
Operating System	Trustix	Secure Linux	2.1	All	All	All
Operating System	Trustix	Secure Linux	2.0	All	All	All
Operating System	Trustix	Secure Linux	2.1	All	All	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ia64	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ppc	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ia64	All
Operating System	Ubuntu	Ubuntu Linux	4.1	All	ppc	All
Application	Xmlsoft	Libxml	1.8.17	All	All	All
Application	Xmlsoft	Libxml	1.8.17	All	All	All
Application	Xmlsoft	Libxml2	2.5.11	All	All	All
Application	Xmlsoft	Libxml2	2.6.11	All	All	All
Application	Xmlsoft	Libxml2	2.6.12	All	All	All
Application	Xmlsoft	Libxml2	2.6.13	All	All	All
Application	Xmlsoft	Libxml2	2.6.14	All	All	All
Application	Xmlsoft	Libxml2	2.6.6	All	All	All
Application	Xmlsoft	Libxml2	2.6.7	All	All	All
Application	Xmlsoft	Libxml2	2.6.8	All	All	All
Application	Xmlsoft	Libxml2	2.6.9	All	All	All
Application	Xmlsoft	Libxml2	2.5.11	All	All	All
Application	Xmlsoft	Libxml2	2.6.11	All	All	All
Application	Xmlsoft	Libxml2	2.6.12	All	All	All
Application	Xmlsoft	Libxml2	2.6.13	All	All	All
Application	Xmlsoft	Libxml2	2.6.14	All	All	All
Application	Xmlsoft	Libxml2	2.6.6	All	All	All
Application	Xmlsoft	Libxml2	2.6.7	All	All	All
Application	Xmlsoft	Libxml2	2.6.8	All	All	All
Application	Xmlsoft	Libxml2	2.6.9	All	All	All
Application	Xmlstarlet	Command Line Xml Toolkit	0.9.1	All	All	All
Application	Xmlstarlet	Command Line Xml Toolkit	0.9.1	All	All	All

Reference	Source	Link	Tags
Secunia - Advisories - Libxml2 Multiple Buffer Overflows	SECUNIA	secunia.com
11179	OSVDB	www.osvdb.org
Home - Conectiva	CONECTIVA	distro.conectiva.com.br
Support	REDHAT	www.redhat.com
'libxml2 remote buffer overflows (not in xml parsing code though)' - MARC	BUGTRAQ	marc.info
Repository / Oval Repository	OVAL	oval.cisecurity.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
11180	OSVDB	www.osvdb.org
Debian -- Security Information -- DSA-582-1 libxml	DEBIAN	www.debian.org
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
P-029: libxml and libxml2 Buffer Overflow	CIAC	www.ciac.org
SecurityTracker.com Archives - Libxml2 URL Parsing and DNS Resolution Buffer Overflows May Let Remote Users Execute Arbitrary Code	SECTRACK	securitytracker.com
11324	OSVDB	www.osvdb.org
Security Announcement	SUSE	www.novell.com
Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilities	BID	www.securityfocus.com	Exploit, Patch, Vendor Advisory
Gentoo Linux Documentation -- libxml2: Remotely exploitable buffer overflow	GENTOO	www.gentoo.org
APPLE-SA-2005-01-25 Security Update 2005-001	APPLE	lists.apple.com
usn/usn-89-1 - Ubuntu Linux	UBUNTU	www.ubuntu.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.