Fedora 24 update for expat
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2016-4472 CVE-2016-5300 CVE-2016-0718 CVE-2012-6702 |
| CWE-ID | CWE-611 CWE-20 CWE-119 CWE-310 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system expat Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) XXE attack
EUVDB-ID: #VU12378
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4472
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to the overflow protection in Expat is removed by compilers with certain optimization settings. A remote attacker can supply specially crafted XML data and cause the service to crash.
The vulnerability exists due to incomplete fix for
CVE-2015-1283 and CVE-2015-2716.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 24
expat: before 2.1.1-2.fc24
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-7c6e7a9265
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU32074
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-5300
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (CPU consumption) via crafted identifiers in an XML document.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 24
expat: before 2.1.1-2.fc24
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-7c6e7a9265
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow in Tenable Nessus
EUVDB-ID: #VU200
Risk: Critical
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]
CVE-ID: CVE-2016-0718
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malformed input documents. A remote unauthenticated attacker can trigger a buffer overflow in the Expat XML parser library and execute arbitrary code by sending specially crafted data to vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 24
expat: before 2.1.1-2.fc24
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-7c6e7a9265
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cryptographic issues
EUVDB-ID: #VU33052
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6702
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 24
expat: before 2.1.1-2.fc24
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-7c6e7a9265
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
