BID:52379

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

Info

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

Bugtraq ID:	52379
Class:	Input Validation Error
CVE:	CVE-2012-1147 CVE-2012-1148 CVE-2012-0876
Remote:	Yes
Local:	No
Published:	Mar 09 2012 12:00AM
Updated:	Mar 29 2017 03:01AM
Credit:	The vendor reported these issues.
Vulnerable:	Xerox FreeFlow Print Server (FFPS) 93.E0.21C Xerox FreeFlow Print Server (FFPS) 91.D2.32 Xerox FreeFlow Print Server (FFPS) 82.D1.44 Xerox FreeFlow Print Server (FFPS) 81.D0.73 Xerox FreeFlow Print Server (FFPS) 73.D2.33 Xerox FreeFlow Print Server (FFPS) 73.C5.11 VMWare ESX Server 4.1 VMWare ESX Server 4.0 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Sun Solaris 11 Sun Solaris 10 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Oracle Solaris 11.3 Oracle Solaris 11.1 Oracle Solaris 10 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 James Clark Expat 2.0.1 IBM Websphere Application Server 9.0 IBM Websphere Application Server 8.5.5.0 - Liberty Pr IBM Websphere Application Server 8.5.5 Full Profile IBM Websphere Application Server 8.5 Liberty Profile IBM Websphere Application Server 8.5 Full Profile IBM Security Network Protection 5.3.3 IBM Security Network Protection 5.3.2 IBM Security Network Protection 5.3.1 IBM Netezza Analytics 3.2.2 IBM Netezza Analytics 3.2.1 IBM Netezza Analytics 3.2.0 IBM HTTP Server 9.0 IBM HTTP Server 8.5.5 IBM HTTP Server 8.5 IBM HTTP Server 8.0 IBM HTTP Server 7.0 IBM Flex System Manager 1.3.2 0 IBM Flex System Manager 1.2.1 IBM Flex System Manager 1.2 IBM Flex System Manager 1.1 IBM Flex System Manager 1.3.4.0 IBM Flex System Manager 1.3.3.0 IBM Flex System Manager 1.3.1 IBM Flex System Manager 1.3.0.1 IBM Flex System Manager 1.3.0 Gentoo Linux Eric Kidd XML-RPC for C/C++ 1.31 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP3 Avaya Voice Portal 5.1 SP2 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Conferencing Standard Edition 6.0.1 Avaya Conferencing Standard Edition 6.0 Avaya Aura System Platform 6.2.1 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.2.1.0.9 Avaya Aura System Platform 6.2 SP1 Avaya Aura System Platform 6.2 Avaya Aura System Platform 6.0.3.9.3 Avaya Aura System Platform 6.0.3.8.3 Avaya Aura System Platform 6.0.3.0.3 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.0 Avaya Aura System Manager 6.2.3 Avaya Aura System Manager 6.2 SP3 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.5 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura System Manager 5.0 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2.1 SSP3 Avaya Aura SIP Enablement Services 5.2.1 SSP2 Avaya Aura SIP Enablement Services 5.2.1 SP4 Avaya Aura SIP Enablement Services 5.2.1 SP2 Avaya Aura SIP Enablement Services 5.2 Avaya Aura SIP Enablement Services 5.1 Avaya Aura SIP Enablement Services 5.0 Avaya Aura Session Manager 6.1.5 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.0.1 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0.2 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2.4 Avaya Aura Session Manager 5.2.1 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 5.0 Avaya Aura Session Manager 1.1.1 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.2 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 SP2 Avaya Aura Presence Services 6.1 SP1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1.1 Avaya Aura Messaging 6.2 Avaya Aura Messaging 6.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0.1 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2.4.0.15 Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1.0.9.8 Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8 Avaya Aura Communication Manager Utility Services 6.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.2 Avaya Aura Communication Manager 6.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager 6.0 Avaya Aura Communication Manager 5.2 Avaya Aura Communication Manager 5.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 Apple Mac Os X 10.11.1 Apple Mac OS X 10.8.5 Apple Mac Os X 10.11

Not Vulnerable:	Oracle Solaris 11.3 SRU11.6 James Clark Expat 2.1 IBM Netezza Analytics 3.2.3.0 Eric Kidd XML-RPC for C/C++ 1.32 Avaya Voice Portal 5.1.3 Avaya Proactive Contact 5.1 Avaya Meeting Exchange 6.2 Avaya Aura System Platform 6.2.2 Avaya Aura System Manager 6.3 Avaya Aura Session Manager 6.2 Avaya Aura Presence Services 6.2 Avaya Aura Experience Portal 6.0.2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager Utility Services 6.3 Avaya Aura Communication Manager Utility Services 6.2.5.0.15 Avaya Aura Communication Manager 6.3 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Application Enablement Services 6.2 Apple Mac Os X 10.11.2 Apple Mac Os X Security Update 2015 Apple Mac OS X 10.9

Discussion

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data.

Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

Expat versions prior to 2.1.0 are vulnerable.

Exploit / POC

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

MandrakeSoft Enterprise Server 5

Mandriva expat-2.0.1-7.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpython2.5-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpython2.5-devel-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva python-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva python-base-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva python-docs-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva tkinter-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva tkinter-apps-2.5.2-5.12mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

References

Expat XML Parsing Multiple Remote Denial of Service Vulnerabilities

References:

Changes in Expat 2.1.0 (James Clark)
Expat Homepage (James Clark)
History Of Code Changes (XML-RPC for C/C++ 1.32)
Multiple Resource Management Error vulnerabilities in libexpat (Oracle)
Multiple vulnerabilities in Python (Oracle)
ASA-2012-301: expat security update (RHSA-2012-0731) (Avaya)
isg3T1024076: IBM Flex System Manager (FSM) is affected by multiple expat vulner (IBM)
Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Serv (IBM)
Oracle Solaris Third Party Bulletin - July 2016 (Oracle)
Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 (IBM)
swg21988026: Security Bulletin: Multiple Denial of Service vulnerabilities with (IBM)
swg21988710:Multiple security vulnerabilities affect IBM WebSphere Application S (IBM)
swg21994401: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analy (IBM)
VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console (VMware)
Xerox Security Bulletin XRX13-007 (Xerox)