XML Library Flaw — Sun, Apache, GNOME Affected
bednarz writes with this excerpt from Network World:
"Vulnerabilities discovered in XML libraries from Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them, according to Codenomicon. The security vendor found flaws in XML parsers that made it fairly easy to cause a DoS attack, corruption of data, and delivery of a malicious payload using XML-based content. Codenomicon has shared its findings with industry and the open source groups, and a number of recommendations and patches for the XML-related vulnerabilities are expected to be made available Wednesday. In addition, a general security advisory is expected to be published by the Computer Emergency Response Team in Finland (CERT-FI)."
Re:ASCII Delimited Security Issues (Score:5, Funny)
A properly written unit test might have a chance of finding it if you take the approach of writing your unit tests by looking at how the function can fail.
I prefer not to find my bugs...
Re:Why is Python excluded from Title? (Score:5, Funny)
Because pythons are long and big and will not fit the title.
Re:Open source (Score:3, Funny)
You think I've come to the right place?
Re:Article?? (Score:3, Funny)
I've included a simple demonstration below - if your browser doesn't contain the flaw then you'll just see the literal XML exploit code (all 200+ lines of it), but if it's vulnerable then you'll only see the initial trigger element on either side of Cmdr Taco's favorite topic.
<\0pwned>OMGPonies!!11one!<\0pwn3d/>