Vulnerability CVE-2011-1425

Vulnerability Name:

CVE-2011-1425 (CCN-66506)

Assigned:

2011-03-31

Published:

2011-03-31

Updated:

2017-08-17

Summary:

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-1425

Source: CONFIRM
Type: Patch
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780

Source: CONFIRM
Type: Patch
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa

Source: CCN
Type: RHSA-2011-0486
Moderate: xmlsec1 security and bug fix update

Source: CCN
Type: SA43920
XML Security Library XSLT File Access Vulnerability

Source: SECUNIA
Type: Vendor Advisory
43920

Source: SECUNIA
Type: UNKNOWN
44167

Source: SECUNIA
Type: UNKNOWN
44423

Source: CONFIRM
Type: UNKNOWN
http://trac.webkit.org/changeset/79159

Source: CCN
Type: aleksey Mailing List, Thu Mar 31 16:51:07 PDT 2011
New xmlsec 1.2.17 release

Source: MLIST
Type: Patch
[xmlsec] 20110331 New xmlsec 1.2.17 release

Source: CCN
Type: XML Security Library Web page
XML Security Library

Source: DEBIAN
Type: UNKNOWN
DSA-2219

Source: DEBIAN
Type: DSA-2219
xmlsec1 -- arbitrary file overwrite

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:063

Source: CCN
Type: OSVDB ID: 72303
XML Security Library XSLT output Extension Arbitrary File Manipulation

Source: CCN
Type: OSVDB ID: 74017
Apple Safari WebKit libxslt Unspecified Arbitrary File Creation

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0486

Source: BID
Type: UNKNOWN
47135

Source: CCN
Type: BID-47135
XML Security Library 'xslt.c' Arbitrary File Access Vulnerability

Source: SECTRACK
Type: UNKNOWN
1025284

Source: VUPEN
Type: UNKNOWN
ADV-2011-0855

Source: VUPEN
Type: UNKNOWN
ADV-2011-0858

Source: VUPEN
Type: UNKNOWN
ADV-2011-1010

Source: VUPEN
Type: UNKNOWN
ADV-2011-1172

Source: CONFIRM
Type: UNKNOWN
https://bugs.webkit.org/show_bug.cgi?id=52688

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=692133

Source: XF
Type: UNKNOWN
xmlsecurity-xmlfiles-sec-bypass(66506)

Source: XF
Type: UNKNOWN
xmlsecurity-xmlfiles-sec-bypass(66506)

Vulnerable Configuration:

Configuration 1:

cpe:/a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*

OR cpe:/a:aleksey:xml_security_library:*:*:*:*:*:*:*:* (Version <= 1.2.16)

OR cpe:/a:apple:webkit:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:12752	P	DSA-2219-1 xmlsec1 -- arbitrary file overwrite	2014-06-23
oval:org.mitre.oval:def:23103	P	ELSA-2011:0486: xmlsec1 security and bug fix update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21529	P	RHSA-2011:0486: xmlsec1 security and bug fix update (Moderate)	2014-02-24
oval:com.redhat.rhsa:def:20110486	P	RHSA-2011:0486: xmlsec1 security and bug fix update (Moderate)	2011-05-04
oval:com.ubuntu.precise:def:20111425000	V	CVE-2011-1425 on Ubuntu 12.04 LTS (precise) - medium.	2011-04-04

BACK