Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:127: libxml/libxml2 Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the libxml/libxml2 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:127 (libxml/libxml2).
Multiple buffer overflows were reported in the libxml XML parsing library.
These vulnerabilities may allow remote attackers to execute arbitray code via a
long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function,
a long proxy URL containing FTP data that is not properly handled by the
xmlNanoFTPScanProxy() function, and other overflows in the code that resolves
names via DNS.
The updated packages have been patched to prevent these issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:127
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.