
T-664: Apache Santuario Buffer Overflow Lets Remote Users Deny Service

July 8, 2011 - 12:32pm


PROBLEM:

A vulnerability was reported in Apache Santuario. A remote user can cause denial of service conditions.

PLATFORM:

Prior to 1.6.1 - Apache Santuario XML Security for C++ library versions prior to V1.6.1

ABSTRACT:

A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025755
Bugzilla: 719698: CVE-2011-2516 xml-security-c
The Apache Software Foundation - CVE-2011-2516

IMPACT ASSESSMENT:

Medium

Discussion:

A buffer overflow exists when creating or verifying XML signatures with RSA keys of sizes on the order of 8192 or more bits. This typically results in a crash and denial of service in applications that verify signatures using keys that could be supplied by an attacker.

Impact:

A remote attacker, using a sufficiently long RSA key, could use this flaw to cause an application linked against the xml-security-c library to crash (denial of service) or, potentially, to execute arbitrary code with the privileges of the user running the application.

Solution:

Mitigation: Applications using library versions older than V1.6.1 should upgrade as soon as possible. Distributors of older versions should apply the patches from this Subversion revision.

Applications that can prevent the use of arbitrary keys supplied by an attacker (such as within the ds:KeyInfo element of a signature), or limit key sizes, may prevent the exploitation of this bug.
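The key-size limit described above can be enforced before a signature is ever handed to the library. The following is an added example, not code from the advisory or from the Apache Santuario project: it reads the base64 Modulus out of an embedded ds:RSAKeyValue, computes its bit length, and rejects anything above a configured policy maximum (4096 bits here, an assumed value; the names rsaModulusBits, rsaKeyInfoWithinPolicy and sampleKeyInfo are this example's own). The regex stands in for the DOM lookup a real deployment would do with its XML parser, and the sample ds:KeyInfo is constructed test data, not a real key.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <regex>
#include <string>
#include <vector>

// Standard base64 alphabet, used by the encoder (sample construction only)
// and the decoder (reading a ds:Modulus value).
static const char* kB64 =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Encode bytes as unwrapped base64. Only used to build the constructed sample.
std::string base64Encode(const std::vector<uint8_t>& in) {
    std::string out;
    size_t i = 0;
    for (; i + 2 < in.size(); i += 3) {
        uint32_t n = (uint32_t(in[i]) << 16) | (uint32_t(in[i + 1]) << 8) | in[i + 2];
        out += kB64[(n >> 18) & 63]; out += kB64[(n >> 12) & 63];
        out += kB64[(n >> 6) & 63];  out += kB64[n & 63];
    }
    if (i + 1 == in.size()) {
        uint32_t n = uint32_t(in[i]) << 16;
        out += kB64[(n >> 18) & 63]; out += kB64[(n >> 12) & 63]; out += "==";
    } else if (i + 2 == in.size()) {
        uint32_t n = (uint32_t(in[i]) << 16) | (uint32_t(in[i + 1]) << 8);
        out += kB64[(n >> 18) & 63]; out += kB64[(n >> 12) & 63];
        out += kB64[(n >> 6) & 63];  out += '=';
    }
    return out;
}

// Decode base64, skipping whitespace (XML Signature values are often line
// wrapped). Returns false on any character outside the alphabet.
bool base64Decode(const std::string& in, std::vector<uint8_t>& out) {
    out.clear();
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == ' ' || c == '\n' || c == '\r' || c == '\t') continue;
        if (c == '=') break;
        if (c == '\0') return false;
        const char* p = std::strchr(kB64, c);
        if (!p) return false;
        acc = (acc << 6) | static_cast<uint32_t>(p - kB64);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<uint8_t>((acc >> bits) & 0xFF));
            acc &= (1u << bits) - 1;  // drop the bits already emitted
        }
    }
    return true;
}

// Bit length of a big-endian unsigned integer, ignoring leading zero bytes.
size_t bitLength(const std::vector<uint8_t>& be) {
    size_t i = 0;
    while (i < be.size() && be[i] == 0) ++i;
    if (i == be.size()) return 0;
    size_t bits = (be.size() - i - 1) * 8;
    for (uint8_t b = be[i]; b; b >>= 1) ++bits;
    return bits;
}

// Modulus size in bits of the RSA key embedded in a ds:KeyInfo fragment,
// or 0 if there is no parsable ds:RSAKeyValue/Modulus. The regex is a
// stand-in for a DOM query (hypothetical simplification for this example).
size_t rsaModulusBits(const std::string& keyInfoXml) {
    static const std::regex re("<(?:ds:)?Modulus>([^<]*)</(?:ds:)?Modulus>");
    std::smatch m;
    if (!std::regex_search(keyInfoXml, m, re)) return 0;
    std::vector<uint8_t> n;
    if (!base64Decode(m[1].str(), n)) return 0;
    return bitLength(n);
}

// Policy gate to run before verification: accept only an embedded RSA key
// whose modulus is present and no larger than maxBits.
bool rsaKeyInfoWithinPolicy(const std::string& keyInfoXml, size_t maxBits) {
    size_t bits = rsaModulusBits(keyInfoXml);
    return bits > 0 && bits <= maxBits;
}

// Constructed sample: a ds:KeyInfo carrying a synthetic all-0xFF modulus of
// the requested size (not a real key), line-wrapped like typical signatures.
std::string sampleKeyInfo(size_t modulusBits) {
    std::vector<uint8_t> n(modulusBits / 8, 0xFF);
    std::string b64 = base64Encode(n);
    if (b64.size() > 76) b64.insert(76, "\n");
    return "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:KeyValue>"
           "<ds:RSAKeyValue><ds:Modulus>" + b64 + "</ds:Modulus>"
           "<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>";
}

int main() {
    const size_t kMaxBits = 4096;  // assumed policy limit
    for (size_t sz : {2048u, 8192u}) {
        std::string ki = sampleKeyInfo(sz);
        std::printf("%zu-bit key: %s\n", rsaModulusBits(ki),
                    rsaKeyInfoWithinPolicy(ki, kMaxBits) ? "accepted" : "rejected");
    }
    return 0;
}
```

Run this check on the ds:KeyInfo of an untrusted signature before calling the library's verify routine, and treat a missing or oversized key the same way: refuse the signature. Where the application can pin the expected key out of band (a configured certificate or key store), do that instead and ignore ds:KeyInfo entirely, which is the stronger of the two mitigations the advisory lists.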
