Costello, Roger L. wrote:
> Hi Folks,
>
> This article [1] says that:
>
>    Researchers have uncovered numerous vulnerabilities
>    in popular XML libraries from Sun Microsystems,
>    Python and the Apache Software Foundation.
>
> But it doesn't say *what* the vulnerabilities are.
>
> It says that:
>
>    More details about some of the XML vulnerabilities
>    that were found [will be released] at the Hacker Halted
>    2009 security conference in Miami, Florida, in September.
>
> Do you have information on specifically what the vulnerabilities are?
>
> /Roger
>
> [1] http://www.eweekeurope.co.uk/news/vulnerability-in-xml-libraries-discovered-1554

Finland CERT issued an advisory:

<http://cert.fi/en/reports/2009/vulnerability2009085.html>

"The vulnerabilities are related to the parsing of XML elements with
unexpected byte values and recursive parentheses, which cause the
program to access memory out of bounds, or to loop indefinitely. The
effects of the vulnerabilities include denial of service and
potentially code execution. The vulnerabilities can be exploited by
enticing a user to open a specially modified file, or by submitting it
to a server that handles XML content."

libxml2 was added to the list after the initial announcement.

Chuck

--
Chuck Bearden (cbearden@r... ; 713.348.3661)
XML Engineer, Connexions
http://cnx.org/