Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

EDB-ID:

10206


Platform:

Linux

Published:

2009-11-12

Bugtraq ID: 36097
Class: Input Validation Error

Published: Jan 17 2009 12:00AM
Updated: Nov 12 2009 08:06PM
Credit: Peter Valchev
Vulnerable: SuSE openSUSE 11.0
SuSE openSUSE 10.3
SuSE Linux 9
SuSE Linux 11
SuSE Linux 10.0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Desktop 3.0
Python Software Foundation Python 3.0.1
Python Software Foundation Python 2.6.2
Python Software Foundation Python 2.5.3
Python Software Foundation Python 2.5.2 r6
Python Software Foundation Python 2.5.2
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
+ RedHat Linux 7.2
+ Sun Linux 5.0.7
Python Software Foundation Python 2.1
+ Conectiva Linux 7.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
Python Software Foundation Python 2.5
Pardus Linux 2009 0
Pardus Linux 2008 0
James Clark Expat 2.0.1
Gentoo Linux
Not Vulnerable: Python Software Foundation Python 3.1.1 

The Expat library is prone to a denial-of-service vulnerability because it fails to properly handle crafted XML data.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

Expat 2.0.1 is vulnerable; other versions may also be affected. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/10206-1.gz (2009-11-22-36097.gz)
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/10206-2.gz (2009-11-22-36097-2.gz)