1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2009-2281
PublicDate: 2009-10-23
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2281
Description:
Multiple heap-based buffer underflows in the readPostBody function in
cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2
allow remote attackers to execute arbitrary code via (1) a crafted
Content-Length HTTP header or (2) a large HTTP request, related to an
integer overflow that triggers a heap-based buffer overflow. NOTE: this
issue reportedly exists because of an incomplete fix for CVE-2009-0840.
Ubuntu-Description:
Notes:
kees> for Intrepid and later, this should be mitigated by _FORTIFY_SOURCE.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_mapserver:
upstream_mapserver: released (5.4.2)
dapper_mapserver: ignored (reached end-of-life)
hardy_mapserver: released (5.0.0-3ubuntu0.1)
intrepid_mapserver: released (5.0.3-2ubuntu0.1)
jaunty_mapserver: released (5.0.3-3ubuntu0.1)
karmic_mapserver: not-affected
devel_mapserver: not-affected
|