XML Library Flaw — Sun, Apache, GNOME Affected
bednarz writes with this excerpt from Network World:
"Vulnerabilities discovered in XML libraries from Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them, according to Codenomicon. The security vendor found flaws in XML parsers that made it fairly easy to cause a DoS attack, corruption of data, and delivery of a malicious payload using XML-based content. Codenomicon has shared its findings with industry and the open source groups, and a number of recommendations and patches for the XML-related vulnerabilities are expected to be made available Wednesday. In addition, a general security advisory is expected to be published by the Computer Emergency Response Team in Finland (CERT-FI)."
Re:ASCII Delimited Security Issues (Score:5, Insightful)
Too bad these developers don't know how to write good unit tests... This could have been avoided...
That's unfair. I'm all about unit tests and they do help find bugs, but a unit test isn't going to find a precisely-crafted piece of malicious input.
Re:ASCII Delimited Security Issues (Score:2, Insightful)
It's just as easy to fuzz a binary-encoded protocol, it just doesn't require specialized tools. Ever heard of TCP/IP-based DoS attacks?
Why is Python excluded from Title? (Score:5, Insightful)
1st Line of Summary = Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project
Which XML libraries? (Score:4, Insightful)
Which libraries? libxml2, expat, or some other library?
The last I'd checked, Python could use several XML libraries, and Sun distributed several libraries.
It would be nice if TFA had told us which libraries, or had a link to the actual report listing them.
Re:Why is Python excluded from Title? (Score:3, Insightful)
Because pythons are long and big and will not fit the title.
You should get the extra mod point on top of the current 4, just for the fact that your /. name has the word 'snake' in it.
Re:Unit Tests (Score:2, Insightful)
Exactly. Unit tests do not prove the absence of bugs. They prove the existence of bugs.
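The unit-test argument running through this thread (a hand-written test checks the one document you thought of, while a robustness or fuzzing pass checks that the parser fails safely on inputs you did not think of) can be made concrete. The following is an added Python example; it is not code from the article, from any commenter, or from any of the affected projects. It wraps the standard-library expat parser with a nesting-depth limit, then drives it with generated inputs (deeply nested, random bytes, truncated, well-formed) and checks that every input is either accepted or rejected with an expected exception. The value of MAX_DEPTH, the input generator and the "crashed" classification are assumptions of this example, not anything reported by Codenomicon.

```python
"""Robustness (fuzz-style) testing of an XML parser with a nesting-depth limit."""
import random
import xml.parsers.expat

# Hypothetical limit chosen for this example; real deployments tune it to their schema.
MAX_DEPTH = 64


class DepthLimitExceeded(Exception):
    """Raised when a document nests elements deeper than the configured limit."""


def parse_bounded(data: bytes, max_depth: int = MAX_DEPTH) -> int:
    """Parse `data` with expat, refusing documents nested deeper than `max_depth`.

    Returns the number of elements seen. Malformed input raises ExpatError;
    over-deep input raises DepthLimitExceeded before the whole document is consumed.
    """
    depth = 0
    count = 0

    def start_element(name, attrs):
        nonlocal depth, count
        depth += 1
        count += 1
        if depth > max_depth:
            # Exceptions raised inside a handler propagate out of Parse().
            raise DepthLimitExceeded(f"element depth {depth} exceeds limit {max_depth}")

    def end_element(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.Parse(data, True)
    return count


def nested_document(depth: int) -> bytes:
    """Constructed input: `depth` nested <a> elements, e.g. <a><a></a></a> for depth 2."""
    return b"<a>" * depth + b"</a>" * depth


def is_rejected_for_depth(data: bytes) -> bool:
    """True if the bounded parser refuses `data` specifically because of its depth."""
    try:
        parse_bounded(data)
    except DepthLimitExceeded:
        return True
    return False


def fuzz_parser(trials: int = 300, seed: int = 7) -> dict:
    """Feed generated inputs to parse_bounded and classify each outcome.

    A conventional unit test checks one hand-written document; this loop checks that
    every generated input is either accepted or rejected with one of the two expected
    exceptions. Anything else is counted as a crash, i.e. a parser bug worth a report.
    """
    rng = random.Random(seed)
    outcome = {"accepted": 0, "rejected": 0, "crashed": 0}
    well_formed = b"<root><item id='1'>text</item><item id='2'/></root>"  # constructed
    for _ in range(trials):
        kind = rng.choice(("nested", "garbage", "truncated", "well_formed"))
        if kind == "nested":
            doc = nested_document(rng.randint(1, 4 * MAX_DEPTH))
        elif kind == "garbage":
            doc = bytes(rng.randrange(256) for _ in range(rng.randint(0, 64)))
        elif kind == "truncated":
            doc = well_formed[: rng.randint(0, len(well_formed) - 1)]
        else:
            doc = well_formed
        try:
            parse_bounded(doc)
            outcome["accepted"] += 1
        except (xml.parsers.expat.ExpatError, DepthLimitExceeded):
            outcome["rejected"] += 1
        except Exception:  # any other exception is exactly the finding we are looking for
            outcome["crashed"] += 1
    return outcome


if __name__ == "__main__":
    print(parse_bounded(b"<root><a/><b/></root>"))
    print(is_rejected_for_depth(nested_document(MAX_DEPTH + 1)))
    print(fuzz_parser())
```

The depth check is the defensive half: it turns an unbounded resource-consumption path into an early, cheap rejection. The fuzz loop is the testing half: it does not know what a "precisely-crafted" input looks like, it only asserts that nothing the parser receives can take it outside its two documented failure modes, which is the property a unit test on a single document cannot establish.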