Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities

Published: 2009-08-08
Last Updated: 2009-08-08 01:25:31 UTC
by Kevin Liston (Version: 1)
0 comment(s)

According to sun: "Sun OpenSSO Enterprise (formerly Sun Access Manager and Sun Federation Manager) is the single solution for Web access management, federation, and Web services security."  This doesn't affect every network out there, but the larger outfits might be running it, and should responding to this.

Sun recently published advisories addressing three vulnerabilities ranging from Denial of Service to execution of arbitrary code.

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Base CVSS 10.0

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Base CVSS 7.8

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Base CVSS 10.0

Note: In common with all of these CVEs is libxml2 2.7.x.

CVE-2008-3529, originally released September 2008, affects a lot of platforms.  Exploit code exists targeting Mac OSX which was patched back in May 2009.

While re-using code via libraries offers efficiencies in development and distribution of a technology, it also amplifies the impact of a vlunerability identified in said library.  It may be trivial to patch the issue in the library code, but that often requires many other applications to be rebuilt or relinked.  Often times these applications are home-grown and not maintained by large development teams.  Even organizations that have a group to manage vulnerabilities woudl be hard pressed to track the use of libraries in all of their in-house applications. 

I won't be surprised if we see these CVEs pop up again over the next couple of years.  The true impact of the vulnerability lies with the application that's calling it.  In the case of Sun OpenSSO this can have some serious implications.  You know the drill.

Keywords: libxml2
0 comment(s)
Diary Archives