Vulnerability CVE-2008-2935

Vulnerability Name:

CVE-2008-2935 (CCN-44141)

Assigned:

2008-07-31

Published:

2008-07-31

Updated:

2018-10-11

Summary:

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2935

Source: CCN
Type: RHSA-2008-0649
Moderate: libxslt security update

Source: CCN
Type: CESA-2008-003 - rev 1
Heap-based buffer overflow in libxslt

Source: CCN
Type: SA31230
libxslt "crypto:rc4_encrypt" and "crypto:rc4_decrypt" Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31230

Source: SECUNIA
Type: UNKNOWN
31310

Source: SECUNIA
Type: UNKNOWN
31331

Source: SECUNIA
Type: UNKNOWN
31363

Source: SECUNIA
Type: UNKNOWN
31395

Source: SECUNIA
Type: UNKNOWN
31399

Source: SECUNIA
Type: UNKNOWN
32453

Source: GENTOO
Type: UNKNOWN
GLSA-200808-06

Source: SREASON
Type: UNKNOWN
4078

Source: CCN
Type: SECTRACK ID: 1020596
libxslt Heap Overflow in exsltCryptoRc4EncryptFunction() May Let Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-373
libxslt security update (RHSA-2008-0649)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306

Source: DEBIAN
Type: UNKNOWN
DSA-1624

Source: DEBIAN
Type: DSA-1624
libxslt -- buffer overflows

Source: CCN
Type: GLSA-200808-06
libxslt: Execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:160

Source: CCN
Type: oCERT Advisories #2008-009
libxslt heap overflow

Source: MISC
Type: Patch
http://www.ocert.org/advisories/ocert-2008-009.html

Source: MISC
Type: Exploit, Patch
http://www.ocert.org/patches/exslt_crypt.patch

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0649

Source: MISC
Type: UNKNOWN
http://www.scary.beasts.org/security/CESA-2008-003.html

Source: BUGTRAQ
Type: UNKNOWN
20080731 [oCERT-2008-009] libxslt heap overflow

Source: BUGTRAQ
Type: UNKNOWN
20080801 libxslt heap overflow

Source: BUGTRAQ
Type: UNKNOWN
20081027 rPSA-2008-0306-1 libxslt

Source: BID
Type: UNKNOWN
30467

Source: CCN
Type: BID-30467
libxslt RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020596

Source: CCN
Type: USN-633-1
libxslt vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-633-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-2266

Source: CCN
Type: XSLT Web page
libxslt

Source: XF
Type: UNKNOWN
libxslt-multiple-crypto-bo(44141)

Source: XF
Type: UNKNOWN
libxslt-multiple-crypto-bo(44141)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10827

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7029

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7062

Vulnerable Configuration:

Configuration 1:

cpe:/a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20082935	V	CVE-2008-2935	2015-11-16
oval:org.mitre.oval:def:29029	P	RHSA-2008:0649 -- libxslt security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:17713	P	USN-633-1 -- libxslt vulnerabilities	2014-06-30
oval:org.mitre.oval:def:20386	P	DSA-1624-1 libxslt - arbitrary code execution	2014-06-23
oval:org.mitre.oval:def:7764	P	DSA-1624 liebxslt -- buffer overflows	2014-06-23
oval:org.mitre.oval:def:22165	P	ELSA-2008:0649: libxslt security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10827	V	Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."	2013-04-29
oval:com.redhat.rhsa:def:20080649	P	RHSA-2008:0649: libxslt security update (Moderate)	2008-07-31
oval:org.debian:def:1624	V	buffer overflows	2008-07-31

BACK