FKIE_CVE-2008-2935

Vulnerability from fkie_nvd - Published: 2008-08-01 14:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
References
secalert@redhat.comhttp://secunia.com/advisories/31230
secalert@redhat.comhttp://secunia.com/advisories/31310
secalert@redhat.comhttp://secunia.com/advisories/31331
secalert@redhat.comhttp://secunia.com/advisories/31363
secalert@redhat.comhttp://secunia.com/advisories/31395
secalert@redhat.comhttp://secunia.com/advisories/31399
secalert@redhat.comhttp://secunia.com/advisories/32453
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200808-06.xml
secalert@redhat.comhttp://securityreason.com/securityalert/4078
secalert@redhat.comhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1624
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:160
secalert@redhat.comhttp://www.ocert.org/advisories/ocert-2008-009.htmlPatch
secalert@redhat.comhttp://www.ocert.org/patches/exslt_crypt.patchExploit, Patch
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0649.html
secalert@redhat.comhttp://www.scary.beasts.org/security/CESA-2008-003.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/494976/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/495018/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/497829/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/30467
secalert@redhat.comhttp://www.securitytracker.com/id?1020596
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-633-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/2266/references
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/44141
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31230
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31310
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31331
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31363
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31395
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31399
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32453
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200808-06.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4078
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1624
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:160
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2008-009.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/patches/exslt_crypt.patchExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0649.html
af854a3a-2127-422b-91ae-364da2661108http://www.scary.beasts.org/security/CESA-2008-003.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494976/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/495018/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/497829/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30467
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020596
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-633-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2266/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/44141
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html
Impacted products
Vendor Product Version
xmlsoft libxslt 1.1.8
xmlsoft libxslt 1.1.9
xmlsoft libxslt 1.1.10
xmlsoft libxslt 1.1.11
xmlsoft libxslt 1.1.12
xmlsoft libxslt 1.1.13
xmlsoft libxslt 1.1.14
xmlsoft libxslt 1.1.15
xmlsoft libxslt 1.1.16
xmlsoft libxslt 1.1.17
xmlsoft libxslt 1.1.18
xmlsoft libxslt 1.1.19
xmlsoft libxslt 1.1.20
xmlsoft libxslt 1.1.21
xmlsoft libxslt 1.1.22
xmlsoft libxslt 1.1.23
xmlsoft libxslt 1.1.24
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en las funciones rc4 de (1) cifrado (aka exsltCryptoRc4EncryptFunction) y (2) descifrado (aka exsltCryptoRc4DecryptFunction) en crypto.c en libexslt en libxslt 1.1.8 hasta 1.1.24 permite a atacantes dependientes de contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero XML que contiene una larga cadena de caracteres como \"un argumento en la entrada XSL.\""
    }
  ],
  "id": "CVE-2008-2935",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-01T14:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31310"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31331"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31363"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31395"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31399"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/4078"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1624"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2008-009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.ocert.org/patches/exslt_crypt.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/30467"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020596"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-633-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2266/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2008-009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.ocert.org/patches/exslt_crypt.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-633-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2266/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.