Bugtraq ID: 36097
Class: Input Validation Error
Published: Jan 17 2009 12:00AM
Updated: Nov 12 2009 08:06PM
Credit: Peter Valchev

Vulnerable:
SuSE openSUSE 11.0
SuSE openSUSE 10.3
SuSE Linux 9
SuSE Linux 11
SuSE Linux 10.0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Desktop 3.0
Python Software Foundation Python 3.0.1
Python Software Foundation Python 2.6.2
Python Software Foundation Python 2.5.3
Python Software Foundation Python 2.5.2 r6
Python Software Foundation Python 2.5.2
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
  + Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
  + S.u.S.E. Linux Personal 9.2 x86_64
  + S.u.S.E. Linux Personal 9.2
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
  + MandrakeSoft Corporate Server 3.0 x86_64
  + MandrakeSoft Corporate Server 3.0
  + MandrakeSoft Linux Mandrake 10.0 AMD64
  + MandrakeSoft Linux Mandrake 10.0
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 9.2
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
  + RedHat Desktop 3.0
  + RedHat Enterprise Linux AS 3
  + RedHat Enterprise Linux ES 3
  + RedHat Enterprise Linux WS 3
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
  + OpenPKG OpenPKG 1.2
  + RedHat Linux 7.3
  + S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
  + Debian Linux 3.0 sparc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 alpha
  + Debian Linux 3.0
  + Gentoo Linux 1.4 _rc1
  + Gentoo Linux 1.2
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Linux Mandrake 9.0
  + OpenPKG OpenPKG 1.1
  + S.u.S.E. Linux 8.1
Python Software Foundation Python 2.2
  + Conectiva Linux 8.0
  + MandrakeSoft Linux Mandrake 8.2 ppc
  + MandrakeSoft Linux Mandrake 8.2
  + MandrakeSoft Linux Mandrake 8.1 ia64
  + MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
  + Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
  + RedHat Linux 7.2
  + Sun Linux 5.0.7
Python Software Foundation Python 2.1
  + Conectiva Linux 7.0
  + Debian Linux 3.1 sparc
  + Debian Linux 3.1 s/390
  + Debian Linux 3.1 ppc
  + Debian Linux 3.1 mipsel
  + Debian Linux 3.1 mips
  + Debian Linux 3.1 m68k
  + Debian Linux 3.1 ia-64
  + Debian Linux 3.1 ia-32
  + Debian Linux 3.1 hppa
  + Debian Linux 3.1 arm
  + Debian Linux 3.1 amd64
  + Debian Linux 3.1 alpha
  + Debian Linux 3.1
  + Debian Linux 3.0 sparc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 alpha
  + Debian Linux 3.0
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
  + MandrakeSoft Linux Mandrake 8.0 ppc
  + MandrakeSoft Linux Mandrake 8.0
Python Software Foundation Python 2.5
Pardus Linux 2009 0
Pardus Linux 2008 0
James Clark Expat 2.0.1
Gentoo Linux

Not Vulnerable: Python Software Foundation Python 3.1.1

The Expat library is prone to a denial-of-service vulnerability because it fails to properly handle crafted XML data.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

Expat 2.0.1 is vulnerable; other versions may also be affected.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/10206-1.gz (2009-11-22-36097.gz)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/10206-2.gz (2009-11-22-36097-2.gz)