Bug 515515 (CVE-2009-1885) - CVE-2009-1885 xerces-c, xerces-c27: Stack overflow when parsing recursive XML structures
Summary: CVE-2009-1885 xerces-c, xerces-c27: Stack overflow when parsing recursive XML...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2009-1885
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://svn.apache.org/viewvc?view=rev...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-04 15:26 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:31 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-01 04:10:37 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2009-08-04 15:26:39 UTC
A stack overflow flaw was found in Apache Xerces by parsing root XML document
element DTD definition. Providing a specially-crafted XML file would
lead to excessive stack growth and denial of service (crash), when
opened by a victim.

Upstream patch:
---------------
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch

Credit:
-------
The flaw was discovered by Jukka Taimisto and Rauli Kaksonen from the
CROSS project at Codenomicon Ltd.

Comment 2 Jan Lieskovsky 2009-08-04 15:51:33 UTC
This issue affects the versions of the xerces-c and xerces-c27 packages,
as shipped with Fedora releases of 10 and 11.

This issue affects the versions of the xerces-c package,
as shipped within the Extra Packages for Enterprise Linux 4 (EPEL-4)
and Extra Packages for Enterprise Linux 5 (EPEL-5) projects.

Please fix.

Comment 4 Jan Lieskovsky 2009-08-06 12:01:50 UTC
Public now via:

    http://www.cert.fi/en/reports/2009/vulnerability2009085.html

Comment 5 Fedora Update System 2009-08-06 14:24:46 UTC
xerces-c-2.8.0-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/xerces-c-2.8.0-5.fc10

Comment 6 Fedora Update System 2009-08-06 14:24:54 UTC
xerces-c-2.8.0-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/xerces-c-2.8.0-5.fc11

Comment 7 Fedora Update System 2009-08-06 14:56:56 UTC
xerces-c27-2.7.0-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/xerces-c27-2.7.0-8.fc11

Comment 8 Fedora Update System 2009-08-06 14:57:04 UTC
xerces-c27-2.7.0-8.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/xerces-c27-2.7.0-8.fc10

Comment 9 Fedora Update System 2009-08-06 14:57:12 UTC
xerces-c-2.7.0-8.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/xerces-c-2.7.0-8.el4

Comment 10 Fedora Update System 2009-08-06 14:57:20 UTC
xerces-c-2.7.0-8.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/xerces-c-2.7.0-8.el5

Comment 13 Jan Lieskovsky 2009-08-07 11:52:17 UTC
This issue affects the versions of Xerces-c package, as shipped
with Red Hat Enterprise MRG 1.1 for Red Hat Enterprise Linux 4
and Red Hat Enterprise Linux 5.

Comment 14 Jan Lieskovsky 2009-08-07 11:54:09 UTC
Official statement from Red Hat Security Response Team regarding this issue:
----------------------------------------------------------------------------

The Red Hat Security Response Team has rated this issue as having low security
impact, a future Xerces-c package update may address this flaw in Red Hat
Enterprise MRG 1.1. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/

Comment 15 Fedora Update System 2009-08-25 04:25:15 UTC
xerces-c27-2.7.0-8.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2009-08-25 04:40:45 UTC
xerces-c-2.8.0-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2009-08-25 04:41:05 UTC
xerces-c27-2.7.0-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2009-08-25 04:47:29 UTC
xerces-c-2.8.0-5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2009-09-01 20:27:40 UTC
xerces-c-2.7.0-8.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2009-09-01 20:27:58 UTC
xerces-c-2.7.0-8.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Peter Lemenkov 2009-09-25 13:20:43 UTC
Should be closed now, I suppose.

Comment 22 Tomas Hoger 2009-09-28 11:44:26 UTC
We actually do want to keep this open for bit longer, as xerces-c is shipped as part of some products, but due to the impact of the flaw itself and impact on particular product, updates are not expected to go out immediately.  So I will re-open, feel free to un-CC yourself, as all you care about is fixed by now.

Thank you!

Comment 23 Peter Lemenkov 2009-09-28 11:59:49 UTC
Ok, understood.
Feel free to do everything you need with this ticket :)

Comment 24 Kurt Seifried 2014-12-01 04:10:37 UTC
Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.


Note You need to log in before you can comment on or make changes to this bug.