Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 42735 - Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Summary: Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/10958/
Whiteboard:
Keywords:
: 66309 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-02-24 04:01 UTC by Christian Birchinger (RETIRED)
Modified: 2011-10-30 22:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Birchinger (RETIRED) gentoo-dev 2004-02-24 04:01:26 UTC
The vulnerabilities are caused due to boundary errors in nanohttp and
nanoftp when parsing overly long URIs. This can be exploited to cause
a buffer overflow by supplying an overly long URI (about 4096
bytes).

Successful exploitation may potentially allow execution of arbitrary
code.


Reproducible: Always
Steps to Reproduce:
1.<none>
2.
3.

Actual Results:  
<none>

Expected Results:  
<none>

2.6.6 is already in portage but not marked stable yet. It would be a good
idea to mark it stable soon.

(Using normal Severity since it's just not marked stable)
Comment 1 Christian Birchinger (RETIRED) gentoo-dev 2004-02-24 04:26:35 UTC
Package marked stable. If you don't want to release a GLSA just close this bug.
Otherwise close it after releasing one :)
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-03-05 09:10:43 UTC
i think we should send a glsa. any one second this?
Comment 3 Spider (RETIRED) gentoo-dev 2004-03-05 13:16:13 UTC
yeah, tha t would be fitting.
Comment 5 solar (RETIRED) gentoo-dev 2004-03-05 15:41:20 UTC
re #4 looks good
Comment 6 Kurt Lieber (RETIRED) gentoo-dev 2004-03-28 03:20:11 UTC
closing old bug.  GLSA 200403-01
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-10-04 07:20:11 UTC
*** Bug 66309 has been marked as a duplicate of this bug. ***