CVE-2004-0989 - Appropriative Keyboard

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2) and possibly other versions may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function and other overflows related to manipulation of DNS length values including (3) xmlNanoFTPConnect (4) xmlNanoHTTPConnectHost and (5) xmlNanoHTTPConnectHost.

Reference

http://www.securityfocus.com/bid/11526 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://www.debian.org/security/2004/dsa-582 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 http://www.redhat.com/support/errata/RHSA-2004-615.html http://www.redhat.com/support/errata/RHSA-2004-650.html http://www.novell.com/linux/security/advisories/2005_01_sr.html http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.osvdb.org/11179 http://www.osvdb.org/11180 http://www.osvdb.org/11324 http://securitytracker.com/id?1011941 http://secunia.com/advisories/13000 http://marc.info/?l=bugtraq&m=109880813013482&w=2 https://www.ubuntu.com/usn/usn-89-1/ https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 libxml2-xmlnanoftpscanurl-bo(17870) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505