CVE-2008-3529

特征库ID：
18086
漏洞级别：
critical
CVE ID：
CVE-2008-3529
建议的动作：
drop
受影响的系统：
Windows, Linux, MacOS
协议：

攻击漏洞描述

这表明试图利用 libxml2 中的缓冲区溢出漏洞。此漏洞是由 parser.c 中的 xmlParseAttValueComplex 函数在处理 XML 文件中格式错误的实体名称时出错引起的。它允许远程攻击者通过精心设计的 XML 页面执行任意代码。

影响范围

XMLSoft Libxml2 2.6.31 XMLSoft Libxml2 2.6.30 XMLSoft Libxml2 2.6.26 XMLSoft Libxml2 2.6.16 XMLSoft Libxml2 2.6.15 XMLSoft Libxml2 2.6.14 XMLSoft Libxml2 2.6.13 XMLSoft Libxml2 2.6.12 XMLSoft Libxml2 2.6.11 XMLSoft Libxml2 2.6.9 XMLSoft Libxml2 2.6.8 + RedHat Fedora Core2 XMLSoft Libxml2 2.6.7 XMLSoft Libxml2 2.6.6 XMLSoft Libxml2 2.6.5 XMLSoft Libxml2 2.6.4 XMLSoft Libxml2 2.6.3 XMLSoft Libxml2 2.6.2 XMLSoft Libxml2 2.6.1 XMLSoft Libxml2 2.6 .0 XMLSoft Libxml2 2.5.11 XMLSoft Libxml2 2.5.10 XMLSoft Libxml2 2.5.8 XMLSoft Libxml2 2.5.4 XMLSoft Libxml2 2.5.1 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 10.0_x86 Sun Solaris 10 Sun OpenSolaris build snv_99 Sun OpenSolaris build snv_96 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_90 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_87 Sun OpenSolaris build snv_85 Sun OpenSolaris build snv_84 Sun OpenSolaris build snv_83 Sun OpenSolaris build snv_82 Sun OpenSolaris build snv_80 Sun OpenSolaris build snv_78 Sun OpenSolaris build snv_77 Sun OpenSolaris build snv_76 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_61 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_29 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_100 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 rPath rPath Linux 2 rPath rPath Linux 1 rPath Appliance Platform Linux Service 2 rPath Appliance Platform Linux Service 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service - CCSS7 0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya Voice Portal 3.0 Avaya SIP Enablement Services 3.1.2 Avaya SIP Enablement Services 5.0 Avaya SIP Enablement Services 4.0 Avaya Proactive Contact 4.0 Avaya Proactive Contact 3.0 Avaya Proactive Contact 0 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 4.0 Avaya Messaging Storage Server 3.1 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Meeting Exchange - Enterprise Edition Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.0 Avaya Intuity AUDIX LX 2.0 Avaya EMMC 1.021 Avaya EMMC 1.017 Avaya EMMC 0 Avaya Communication Manager 4.0.3 SP1 Avaya Communication Manager 3.1.4 SP2 Avaya Communication Manager 5.1 Avaya Communication Manager 5.0 SP3 Avaya Communication Manager 5.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya CMS Server 13.0 Avaya CMS Server 15.0 Avaya CMS Server 14.1 Avaya CMS Server 14.0 Avaya CMS Server 13.1 Avaya AES 4.2.1 Avaya AES 3.1.6 Apple Safari 3.2.2 for Windows Apple Safari 3.1.2 for Windows Apple Safari 3.1.2 Apple Safari 3.1.1 for Windows Apple Safari 3.1.1 Apple Safari 3.0.4 Beta for Windows Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 4 Beta Apple Safari 3.2 Apple Safari 3.1 for Windows Apple Safari 3.1 Apple Safari 3 Beta for Windows Apple Safari 3 Beta Apple Safari 3