LibYAML and Perl YAML-LibYAML Module 'scanner.c' Remote Denial of Service Vulnerability

LibYAML and Perl YAML-LibYAML module are prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

Information

Bugtraq ID: 71349
Class: Input Validation Error
CVE: CVE-2014-9130

Remote: Yes
Local: No
Published: Nov 28 2014 12:00AM
Updated: Apr 21 2017 07:06AM
Credit: Stanislaw Pitucha
Vulnerable: Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Pyyaml Libyaml 0.1.6
Pyyaml Libyaml 0.1.5
Oracle Enterprise Linux 7
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
Debian Linux 7.1
Debian Linux 7.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CPAN YAML-LibYAML 0
CentOS CentOS 6
AlienVault AlienVault 4.15
AlienVault AlienVault 4.13
AlienVault AlienVault 4.12.1
AlienVault AlienVault 4.12

Not Vulnerable: AlienVault AlienVault 4.15.1

Exploit

Attackers will likely use standard network tools to exploit this issue.

References:

Commit: Fix for https://bitbucket.org/xi/libyaml/issue/10/ (Libyaml)
libyaml / YAML-LibYAML DoS (Jonathan Gray )
LibYAML Homepage (LibYAML)
YAML-LibYAML Homepage (CPAN)
Security Advisory, AlienVault v4.15.1 addresses twenty (20) vulnerabilities (AlienVault)

Source: www.securityfocus.com

Exploit Collector

Search Exploit