Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: MDVSA-2009:195-1
First vendor Publication: 2009-08-06
Vendor: Mandriva
Last vendor Modification: 2009-08-06
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

A vulnerability has been identified and corrected in apr and apr-util:

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information (CVE-2009-2412).

This update provides fixes for these vulnerabilities.

Update:

apr-util packages were missing for Mandriva Enterprise Server 5 i586; this has been addressed with this update.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:195-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13369
 
Oval ID: oval:org.mitre.oval:def:13369
Title: DSA-1854-1 apr, apr-util -- heap buffer overflow
Description: Matt Lewis discovered that the memory management code in the Apache Portable Runtime library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution. For the old stable distribution, this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package. For the stable distribution, this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your APR packages.
Family: unix Class: patch
Reference(s): DSA-1854-1
CVE-2009-2412
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apr
apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13483
 
Oval ID: oval:org.mitre.oval:def:13483
Title: USN-813-3 -- apr-util vulnerability
Description: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
Family: unix Class: patch
Reference(s): USN-813-3
CVE-2009-2412
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13834
 
Oval ID: oval:org.mitre.oval:def:13834
Title: USN-813-2 -- apache2 vulnerability
Description: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
Family: unix Class: patch
Reference(s): USN-813-2
CVE-2009-2412
Version: 5
Platform(s): Ubuntu 6.06
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13883
 
Oval ID: oval:org.mitre.oval:def:13883
Title: USN-813-1 -- apr vulnerability
Description: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
Family: unix Class: patch
Reference(s): USN-813-1
CVE-2009-2412
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): apr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22798
 
Oval ID: oval:org.mitre.oval:def:22798
Title: ELSA-2009:1204: apr and apr-util security update (Moderate)
Description: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2009:1204-01
CVE-2009-2412
Version: 6
Platform(s): Oracle Linux 5
Product(s): apr
apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29077
 
Oval ID: oval:org.mitre.oval:def:29077
Title: RHSA-2009:1204 -- apr and apr-util security update (Moderate)
Description: Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines.
Family: unix Class: patch
Reference(s): RHSA-2009:1204
CESA-2009:1204-CentOS 5
CVE-2009-2412
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): apr
apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8160
 
Oval ID: oval:org.mitre.oval:def:8160
Title: DSA-1854 apr, apr-util -- heap buffer overflow
Description: Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-1854
CVE-2009-2412
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): apr
apr-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8394
 
Oval ID: oval:org.mitre.oval:def:8394
Title: Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
Description: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2412
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9958
 
Oval ID: oval:org.mitre.oval:def:9958
Title: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Description: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2412
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 23
Application 24

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for apr CESA-2009:1204 centos5 i386
File : nvt/gb_CESA-2009_1204_apr_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1205 centos3 i386
File : nvt/gb_CESA-2009_1205_httpd_centos3_i386.nasl
2010-05-12 Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:314 (apr)
File : nvt/mdksa_2009_314.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:199-1 (subversion)
File : nvt/mdksa_2009_199_1.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
File : nvt/suse_sa_2009_050.nasl
2009-10-27 Name : SLES11: Security update for libapr
File : nvt/sles11_libapr-util10.nasl
2009-10-27 Name : SLES10: Security update for libapr
File : nvt/sles10_libapr-util10.nasl
2009-09-15 Name : Gentoo Security Advisory GLSA 200909-03 (apr apr-util)
File : nvt/glsa_200909_03.nasl
2009-08-17 Name : Ubuntu USN-813-3 (apr-util)
File : nvt/ubuntu_813_3.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1204
File : nvt/RHSA_2009_1204.nasl
2009-08-17 Name : Ubuntu USN-813-2 (apache2)
File : nvt/ubuntu_813_2.nasl
2009-08-17 Name : Ubuntu USN-813-1 (apr)
File : nvt/ubuntu_813_1.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1205 (httpd)
File : nvt/ovcesa2009_1205.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1204 (apr)
File : nvt/ovcesa2009_1204.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:199 (subversion)
File : nvt/mdksa_2009_199.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:195-1 (apr)
File : nvt/mdksa_2009_195_1.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:195 (apr)
File : nvt/mdksa_2009_195.nasl
2009-08-17 Name : Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
File : nvt/gb_apache_apr_n_apr_util_iof_vuln.nasl
2009-08-17 Name : FreeBSD Ports: subversion, subversion-freebsd, p5-subversion, py-subversion
File : nvt/freebsd_subversion1.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8360 (apr)
File : nvt/fcore_2009_8360.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8349 (apr-util)
File : nvt/fcore_2009_8349.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8336 (apr)
File : nvt/fcore_2009_8336.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8318 (apr-util)
File : nvt/fcore_2009_8318.nasl
2009-08-17 Name : Debian Security Advisory DSA 1854-1 (apr, apr-util)
File : nvt/deb_1854_1.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1205
File : nvt/RHSA_2009_1205.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-219-03 apr-util
File : nvt/esoft_slk_ssa_2009_219_03.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-219-02 apr
File : nvt/esoft_slk_ssa_2009_219_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56766 Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory...

56765 Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1204.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1205.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090810_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090810_apr_and_apr_util_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote web server is affected by a buffer overflow vulnerability.
File : apache_2_2_13.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libapr-util1-6545.nasl - Type : ACT_GATHER_INFO
2010-05-04 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12613.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1854.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1204.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-314.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_libapr-util1-6547.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libapr-util1-091012.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libapr-util1-091011.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libapr-util1-091011.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libapr-util1-6546.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200909-03.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-199.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1204.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1205.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1205.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-813-1.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-813-2.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-219-02.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-813-3.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8360.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8349.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8336.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-219-03.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-195.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8318.nasl - Type : ACT_GATHER_INFO