Test ID: 1.3.6.1.4.1.25623.1.0.66097
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1914-1 (mapserver)
Summary: Debian Security Advisory DSA 1914-1 (mapserver)
Description: The remote host is missing an update to mapserver
announced via advisory DSA 1914-1.

Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-0843

Missing input validation on a user supplied map queryfile name can be
used by an attacker to check for the existence of a specific file by
using the queryfile GET parameter and checking for differences in error
messages.

CVE-2009-0842

A lack of file type verification when parsing a map file can lead to
partial disclosure of content from arbitrary files through parser error
messages.

CVE-2009-0841

Due to missing input validation when saving map files under certain
conditions it is possible to perform directory traversal attacks and
to create arbitrary files.
NOTE: Unless the attacker is able to create directories in the image
path or there is already a readable directory, this doesn't affect
installations on Linux, as the fopen() call (and the underlying open(2)
system call) fails when a component of the path is not accessible.
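The traversal in CVE-2009-0841 and the file-existence oracle in CVE-2009-0843 share a root cause: a user-supplied file name reaches the filesystem without validation. The block below is an added example, not MapServer's or Debian's code. It whitelists a relative name component by component before joining it under a fixed base directory; the base path /var/www/mapserver/tmp, the limit MAX_PATH_LEN and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative upper bound for a joined path. */
#define MAX_PATH_LEN 4096

/*
 * validate_relative_name: accept only a relative path made of components
 * drawn from [A-Za-z0-9._-], none of which is "." or "..".  Absolute
 * paths, empty components ("a//b"), trailing slashes and any other byte
 * (backslash, '%', control characters, ...) are rejected.
 * Returns 1 if the name is acceptable, 0 otherwise.
 */
static int validate_relative_name(const char *name)
{
    if (name == NULL || *name == '\0' || *name == '/')
        return 0;                           /* empty or absolute */
    if (strlen(name) >= MAX_PATH_LEN)
        return 0;

    const char *p = name;
    while (*p) {
        size_t len = strcspn(p, "/");       /* length of this component */
        if (len == 0)
            return 0;                       /* "//" inside the name */
        if ((len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return 0;                       /* "." or ".." component */
        for (size_t i = 0; i < len; i++) {
            char c = p[i];
            int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                     (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
            if (!ok)
                return 0;
        }
        p += len;
        if (*p == '/') {
            p++;
            if (*p == '\0')
                return 0;                   /* trailing '/' names a directory */
        }
    }
    return 1;
}

/*
 * join_under_base: write "<base>/<name>" into out (outsz bytes) only when
 * name passes validate_relative_name.  Returns 0 on success, -1 when the
 * name is rejected or the result would not fit.  Callers should report
 * the same generic error on -1 whether or not the target exists.
 */
static int join_under_base(const char *base, const char *name,
                           char *out, size_t outsz)
{
    if (!validate_relative_name(name))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed inputs; the base directory is an assumed image path. */
    const char *base = "/var/www/mapserver/tmp";
    const char *names[] = { "result.map", "sub/result.map", "../../etc/passwd",
                            "/etc/passwd", "x/../../etc/passwd", "a//b", "a/" };
    char out[MAX_PATH_LEN];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = join_under_base(base, names[i], out, sizeof out);
        printf("%-22s -> %s\n", names[i], rc == 0 ? out : "REJECTED");
    }
    return 0;
}
```

Whitelisting components is easier to reason about than searching for "..", because it also rejects backslashes, percent sequences and anything else that a later decoding step might turn into a separator; the check must run on the fully decoded name. For the CVE-2009-0843 oracle, the rejection path and the subsequent open failure should produce one generic error message so that the response does not reveal whether the named file exists.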

CVE-2009-0839

It was discovered that mapserver is vulnerable to a stack-based buffer
overflow when processing certain GET parameters. An attacker can use
this to execute arbitrary code on the server via crafted id parameters.

CVE-2009-0840

An integer overflow leading to a heap-based buffer overflow when
processing the Content-Length header of an HTTP request can be used by an
attacker to execute arbitrary code via crafted POST requests containing
negative Content-Length values.

CVE-2009-2281

An integer overflow when processing HTTP requests can lead to a
heap-based buffer overflow. An attacker can use this to execute arbitrary
code either via crafted Content-Length values or a large HTTP request. This
is partly because of an incomplete fix for CVE-2009-0840.
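CVE-2009-0840 and CVE-2009-2281 describe the same class of bug: the Content-Length header is a string under the client's control, and converting it with a signed integer routine lets a negative or oversized value reach malloc() and fread() as two inconsistent sizes. The block below is an added illustration in the shape of a CGI POST reader, not MapServer's actual code; it places the naive conversion beside a strict parser with an explicit upper bound. MAX_POST_BODY and the function names are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest POST body this reader will buffer (illustrative, not MapServer's). */
#define MAX_POST_BODY ((size_t)(1024 * 1024))

/*
 * The naive pattern: len = atoi(CONTENT_LENGTH); buf = malloc(len + 1);
 * fread(buf, 1, len, stdin).  These two helpers return the sizes that
 * pattern would hand to malloc() and fread().  For "-1" the allocation is
 * malloc(0) while the read count becomes SIZE_MAX, so any body bytes the
 * client sends land past the end of a zero-byte heap chunk.
 */
static size_t naive_body_alloc_size(const char *content_length)
{
    int len = atoi(content_length);          /* "-1" -> -1, unchecked */
    return (size_t)(len + 1);                /* -1 + 1 == 0 */
}

static size_t naive_body_read_count(const char *content_length)
{
    return (size_t)atoi(content_length);     /* (size_t)-1 == SIZE_MAX */
}

/*
 * parse_content_length: strict parser.  Accepts a non-empty string of
 * ASCII digits whose value is <= max; rejects NULL, empty strings, sign
 * characters, trailing garbage and values that overflow.  Returns 0 and
 * stores the value in *out on success, -1 otherwise.
 */
static int parse_content_length(const char *s, size_t max, size_t *out)
{
    if (s == NULL || *s == '\0' || out == NULL)
        return -1;
    for (const char *p = s; *p; p++)
        if (*p < '0' || *p > '9')
            return -1;                       /* '-', '+', spaces, letters */
    errno = 0;
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;                           /* e.g. 20-digit values */
    if (v > max)                             /* max is a size_t, so v fits */
        return -1;
    *out = (size_t)v;
    return 0;
}

/*
 * read_post_body: validate the header, then read exactly len bytes from fp
 * into a NUL-terminated buffer.  Returns NULL on a bad header, allocation
 * failure or short read; the caller frees the result.
 */
static char *read_post_body(const char *content_length, FILE *fp, size_t *out_len)
{
    size_t len;
    if (parse_content_length(content_length, MAX_POST_BODY, &len) != 0)
        return NULL;
    char *buf = malloc(len + 1);             /* len <= MAX_POST_BODY: no wrap */
    if (buf == NULL)
        return NULL;
    if (fread(buf, 1, len, fp) != len) {
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    if (out_len)
        *out_len = len;
    return buf;
}

int main(void)
{
    /* Constructed header values. atoi() on out-of-range input is undefined
     * behaviour, so the naive helpers are only shown for "-1". */
    printf("Content-Length: -1 -> naive malloc(%zu), naive fread count %zu\n",
           naive_body_alloc_size("-1"), naive_body_read_count("-1"));

    const char *headers[] = { "12", "-1", "2147483647", "99999999999999999999", "12abc" };
    for (size_t i = 0; i < sizeof headers / sizeof headers[0]; i++) {
        size_t n = 0;
        int rc = parse_content_length(headers[i], MAX_POST_BODY, &n);
        printf("strict %-22s -> %s\n", headers[i], rc == 0 ? "accepted" : "rejected");
    }

    FILE *fp = tmpfile();                    /* stands in for CGI stdin */
    if (fp) {
        fputs("map=x&mode=map", fp);         /* constructed 14-byte body */
        rewind(fp);
        size_t got = 0;
        char *body = read_post_body("14", fp, &got);
        printf("read_post_body: %s (%zu bytes)\n", body ? body : "(null)", got);
        free(body);
        fclose(fp);
    }
    return 0;
}
```

The upper bound matters as much as the sign check: a value such as 2147483647 is a perfectly valid unsigned length, yet adding one to it in int arithmetic wraps, and honouring it would let a single request exhaust memory, which is the "large HTTP request" path of CVE-2009-2281. Treating a short read as an error also keeps the buffer's NUL terminator and its declared length consistent.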


For the oldstable distribution (etch), these problems have been fixed in
version 4.10.0-5.1+etch4.

For the stable distribution (lenny), these problems have been fixed in
version 5.0.3-3+lenny4.

For the testing distribution (squeeze), these problems have been fixed in
version 5.4.2-1.

For the unstable distribution (sid), these problems have been fixed in
version 5.4.2-1.


We recommend that you upgrade your mapserver packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201914-1
Cross references:
Common Vulnerability Exposure (CVE) ID: CVE-2009-0843
Bugtraq: 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3
http://www.securityfocus.com/archive/1/archive/1/502271/100/0/threaded
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://www.positronsecurity.com/advisories/2009-000.html
Debian Security Information: DSA-1914
http://www.debian.org/security/2009/dsa-1914
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
BugTraq ID: 34306
http://www.securityfocus.com/bid/34306
http://www.securitytracker.com/id?1021952
http://secunia.com/advisories/34520
http://secunia.com/advisories/34603
Common Vulnerability Exposure (CVE) ID: CVE-2009-0842
Common Vulnerability Exposure (CVE) ID: CVE-2009-0841
XForce ISS Database: mapserver-mapserv-dir-traversal(49548)
http://xforce.iss.net/xforce/xfdb/49548
Common Vulnerability Exposure (CVE) ID: CVE-2009-0840
XForce ISS Database: mapserver-contentlength-bo(49545)
http://xforce.iss.net/xforce/xfdb/49545
Common Vulnerability Exposure (CVE) ID: CVE-2009-0839
Common Vulnerability Exposure (CVE) ID: CVE-2009-2281
http://www.openwall.com/lists/oss-security/2009/07/01/1
http://www.openwall.com/lists/oss-security/2009/07/01/6
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.