RHEL 5 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. (CVE-2012-0876) Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context- dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. (CVE-2012-1148) Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is…Read More