FreeBSD : libxml2 -- An off-by-one out-of-bounds write by XPointer (b8ae4659-a0da-11e1-a294-bcaec565249c)

NASLDB: FreeBSD : libxml2 -- An off-by-one out-of-bounds write by XPointer (b8ae4659-a0da-11e1-a294-bcaec565249c)

General

ID: 59207
Name: FreeBSD : libxml2 — An off-by-one out-of-bounds write by XPointer (b8ae4659-a0da-11e1-a294-bcaec565249c)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

Google chrome team reports :

An off-by-one out-of-bounds write flaw was found in the way libxml, a
library for providing XML and HTML support, evaluated certain XPointer
parts (XPointer is used by libxml to include only the part from the
returned XML document, that can be accessed using the XPath expression
given with the XPointer). A remote attacker could provide a
specially-crafted XML file, which once opened in an application,
linked against libxml, would lead to that application crash, or,
potentially arbitrary code execution with the privileges of the user
running the application.

Note: The flaw to be exploited requires the particular application,
linked against libxml, to use the XPointer evaluation functionality.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-3202
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/05/15
Patch Release: 2012/05/18
Plugin Release: 2012/05/21

Plugin

Version: 1.1
Filename: freebsd_pkg_b8ae4659a0da11e1a294bcaec565249c.nasl
Filesize: 4953 bytes
MD5 Hash: 95788b14a2c5173594588a7395c15f9a

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"