Test ID: 1.3.6.1.4.1.25623.1.0.800548
Category: Web application abuses
Title: MapServer < 4.10.4, 5.x < 5.2.2 Multiple Vulnerabilities
Summary: MapServer is prone to multiple vulnerabilities.
Description:
Summary:
MapServer is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- Heap-based buffer underflow in the readPostBody function in cgiutil.c due to a negative value
in the Content-Length HTTP header.

- Stack-based buffer overflow in mapserv.c in mapserv, when the map has a long IMAGEPATH or NAME
attribute, via a crafted id parameter in a query action.

- Directory traversal in mapserv.c in mapserv via a .. (dot dot) in the id parameter while
running on Windows with Cygwin.

- Buffer overflow in mapserv.c in mapserv, which does not ensure that the string holding an id
parameter ends in a '\0' character.

- Multiple stack-based buffer overflows in maptemplate.c in mapserv.

- Different error messages are generated when a nonexistent file pathname is passed in the
queryfile parameter inside the msLoadQuery function in mapserv.

- Display of partial file contents within an error message is triggered while attempting to read
arbitrary invalid .map files via a full pathname in the map parameter in mapserv.

Vulnerability Impact:
Successful exploitation allows an attacker to execute arbitrary code
in the context of the affected web application and to conduct other attacks such as directory
traversal, buffer overflow, and denial of service.

Affected Software/OS:
MapServer version 4.x before 4.10.4 and 5.x before 5.2.2 on
all platforms.

Solution:
Update to version 4.10.4, 5.2.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-0840
BugTraq ID: 34306
http://www.securityfocus.com/bid/34306
Bugtraq: 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3
http://www.securityfocus.com/archive/1/502271/100/0/threaded
Debian Security Information: DSA-1914
http://www.debian.org/security/2009/dsa-1914
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
http://www.positronsecurity.com/advisories/2009-000.html
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://www.securitytracker.com/id?1021952
http://secunia.com/advisories/34520
http://secunia.com/advisories/34603
XForce ISS Database: mapserver-contentlength-bo(49545)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49545
Common Vulnerability Exposure (CVE) ID: CVE-2009-0839
Common Vulnerability Exposure (CVE) ID: CVE-2009-0841
XForce ISS Database: mapserver-mapserv-dir-traversal(49548)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49548
Common Vulnerability Exposure (CVE) ID: CVE-2009-1176
Common Vulnerability Exposure (CVE) ID: CVE-2009-1177
Common Vulnerability Exposure (CVE) ID: CVE-2009-0843
Common Vulnerability Exposure (CVE) ID: CVE-2009-0842
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.