PT-2004-1066 · Libxml2 · Libxml2-Python+4
Published: 2004-03-03 · Updated: 2017-10-11 · CVE-2004-0989
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libxml2 versions 2.6.12 through 2.6.13
libxml2 version 2.5.10
libxml2-devel version 2.5.10
libxml-devel versions 1.8.14 and 1.8.17
libxml versions 1.8.14 and 1.8.17
libxml2-python version 2.5.10
Description
The issue involves multiple buffer overflows in libXML, potentially allowing remote attackers to execute arbitrary code. This can occur through various means, including a long FTP URL not properly handled by the xmlNanoFTPScanURL function, a long proxy URL containing FTP data not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including in the xmlNanoFTPConnect and xmlNanoHTTPConnectHost functions. Exploitation of these vulnerabilities can be carried out remotely and may compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For libxml2 versions 2.6.12 through 2.6.13, consider updating to a version that is not affected by these buffer overflows.
For libxml2 version 2.5.10, update to a newer version to mitigate the risk.
For libxml2-devel version 2.5.10, update to a version that includes the fix for the identified vulnerabilities.
For libxml-devel versions 1.8.14 and 1.8.17, restrict access to the vulnerable functions until a patch is available.
For libxml versions 1.8.14 and 1.8.17, avoid using the vulnerable xmlNanoFTPScanURL and xmlNanoFTPScanProxy functions in the affected API endpoints until the issue is resolved.
For libxml2-python version 2.5.10, as a temporary workaround, consider disabling the vulnerable functions until a patch is available.
Exploit
Fix
Related Identifiers
Affected Products
Libxml
Libxml-Devel
Libxml2
Libxml2-Devel
Libxml2-Python