Vigil@nce: libxml2, denial of service via an entity
October 2008 by Vigil@nce
SYNTHESIS
An attacker can create a special XML file in order to create a
denial of service when it is analyzed by libxml2.
Gravity: 2/4
Consequences: denial of service of service, denial of service of
client
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 06/10/2008
IMPACTED PRODUCTS
– Fedora
– Unix - plateform
DESCRIPTION
The libxml2 library implements features to handle data in the XML
format.
An XML file can contain special characters represented as
entities, such as "&abc;". These entities are defined in a DOCTYPE.
An attacker can create an entity calling a standard entity such as
"&", and call it in an attribute. The xmlParseStringEntityRef()
function of the libxml2 library then incorrectly uses a pointer,
which stops it. This vulnerability was created by the patch for
VIGILANCE-VUL-8146 (https://vigilance.aql.fr/tree/1/8146).
An attacker can therefore use a special entity in order to
generate a denial of service in applications linked to libxml2.
CHARACTERISTICS
Identifiers: 554660, BID-31555, CVE-2008-4409, FEDORA-2008-8575,
FEDORA-2008-8582, REJ-2008-4422, VIGILANCE-VUL-8147