Signature Detail
Short Name |
HTTP:STC:DL:GNOME-RC4-BO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
GNOME Project libxslt Library RC4 Key String Buffer Overflow |
Release Date |
2010/10/12 |
Update Number |
1790 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: GNOME Project libxslt Library RC4 Key String Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the libxslt library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
The 'libxslt' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects libxslt 1.1.8 to 1.1.24.
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Gentoo Linux
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2008.1
- Mandriva Linux Mandrake 2008.1 X86 64
- Pardus Linux 2007.1
- Pardus Linux 2007
- Pardus Linux 2008
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 8
- Red Hat Fedora 9
- rPath Appliance Platform Linux Service 1
- rPath Appliance Platform Linux Service 2
- rPath rPath Linux 1
- rPath rPath Linux 2
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
- Ubuntu Ubuntu Linux 7.10 Amd64
- Ubuntu Ubuntu Linux 7.10 I386
- Ubuntu Ubuntu Linux 7.10 Lpia
- Ubuntu Ubuntu Linux 7.10 Powerpc
- Ubuntu Ubuntu Linux 7.10 Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- XMLSoft libxslt 1.1.10
- XMLSoft libxslt 1.1.11
- XMLSoft libxslt 1.1.12
- XMLSoft libxslt 1.1.13
- XMLSoft libxslt 1.1.14
- XMLSoft libxslt 1.1.15
- XMLSoft libxslt 1.1.16
- XMLSoft libxslt 1.1.17
- XMLSoft libxslt 1.1.18
- XMLSoft libxslt 1.1.19
- XMLSoft libxslt 1.1.20
- XMLSoft libxslt 1.1.21
- XMLSoft libxslt 1.1.23
- XMLSoft libxslt 1.1.24
- XMLSoft libxslt 1.1.8
- XMLSoft libxslt 1.1.9
References
- BugTraq: 30467
- CVE: CVE-2008-2935