Nortel Response to Sun Alert 247346 - Solaris libxml2 Library Vulnerability May Lead to Denial of Service (DoS)
| Description: |
Sun Microsystems has recently released Sun Alert 247346 - A Security Vulnerability in the libxml2 Library May Lead to Denial of Service (DoS). According to Sun, a security vulnerability in the libxml2 library (see libxml2(3)) bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted XML file to cause a denial of service (DoS) to the application which is using the libxml2 library (or potentially to the system as a whole as the application may consume excessive resources). This vulnerability may impact applications making use of this library, and the precise impact will vary depending on the application.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

Sun Alert 247346 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247346-1

This bulletin addresses the following CVE:

1. CVE-2008-3529 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529): Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long XML entity name.

Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2009009314, Rev 1 |
| Status: |
Retired |
| Date: |
2009-08-27 |