Executive Summary

Informations
Name CVE-2009-0839 First vendor Publication 2009-03-31
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0839

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 39
Application 3

OpenVAS Exploits

Date Description
2009-10-27 Name : Debian Security Advisory DSA 1914-1 (mapserver)
File : nvt/deb_1914_1.nasl
2009-09-09 Name : Fedora Core 11 FEDORA-2009-9230 (mapserver)
File : nvt/fcore_2009_9230.nasl
2009-09-09 Name : Fedora Core 10 FEDORA-2009-9243 (mapserver)
File : nvt/fcore_2009_9243.nasl
2009-04-15 Name : Fedora Core 10 FEDORA-2009-3357 (mapserver)
File : nvt/fcore_2009_3357.nasl
2009-04-15 Name : Fedora Core 9 FEDORA-2009-3383 (mapserver)
File : nvt/fcore_2009_3383.nasl
2009-04-08 Name : Multiple Vulnerabilities In MapServer
File : nvt/gb_mapserver_mult_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56329 MapServer mapserv mapserv.c Query Action Multiple Map Attribute Handling Remo...

Nessus® Vulnerability Scanner

Date Description
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1914.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3357.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3383.nasl - Type : ACT_GATHER_INFO
2009-04-02 Name : The remote web server contains a CGI script that is affected by multiple flaws.
File : mapserver_5_2_2.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://secunia.com/advisories/34520
http://secunia.com/advisories/34603
http://trac.osgeo.org/mapserver/ticket/2944
http://www.debian.org/security/2009/dsa-1914
http://www.positronsecurity.com/advisories/2009-000.html
http://www.securityfocus.com/archive/1/502271/100/0/threaded
http://www.securityfocus.com/bid/34306
http://www.securitytracker.com/id?1021952
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2024-11-28 23:11:43
  • Multiple Updates
2024-11-28 12:18:28
  • Multiple Updates
2021-06-07 21:23:28
  • Multiple Updates
2021-06-01 17:23:09
  • Multiple Updates
2021-05-29 00:23:08
  • Multiple Updates
2021-05-04 12:09:14
  • Multiple Updates
2021-04-22 01:09:34
  • Multiple Updates
2020-05-23 00:23:28
  • Multiple Updates
2018-10-11 00:19:32
  • Multiple Updates
2016-04-26 18:41:14
  • Multiple Updates
2014-02-17 10:49:08
  • Multiple Updates
2013-05-10 23:45:44
  • Multiple Updates