CVE-2009-0839

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://secunia.com/advisories/34520
http://secunia.com/advisories/34603
http://trac.osgeo.org/mapserver/ticket/2944	Vendor Advisory
http://www.debian.org/security/2009/dsa-1914
http://www.positronsecurity.com/advisories/2009-000.html	Exploit
http://www.securityfocus.com/archive/1/502271/100/0/threaded
http://www.securityfocus.com/bid/34306
http://www.securitytracker.com/id?1021952
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://secunia.com/advisories/34520
http://secunia.com/advisories/34603
http://trac.osgeo.org/mapserver/ticket/2944	Vendor Advisory
http://www.debian.org/security/2009/dsa-1914
http://www.positronsecurity.com/advisories/2009-000.html	Exploit
http://www.securityfocus.com/archive/1/502271/100/0/threaded
http://www.securityfocus.com/bid/34306
http://www.securitytracker.com/id?1021952
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:osgeo:mapserver:4.2.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:4.4.0:::::::*
	cpe:2.3:a:osgeo:mapserver:4.4.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:4.4.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:4.4.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:4.6.0:::::::*
	cpe:2.3:a:osgeo:mapserver:4.6.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:4.6.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:4.6.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:4.6.0:rc1::::::
	cpe:2.3:a:osgeo:mapserver:4.8.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:4.8.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:4.8.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:4.8.0:rc1::::::
	cpe:2.3:a:osgeo:mapserver:4.8.0:rc2::::::
	cpe:2.3:a:osgeo:mapserver:4.10.0:::::::*
	cpe:2.3:a:osgeo:mapserver:4.10.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:4.10.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:4.10.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:4.10.0:rc1::::::
	cpe:2.3:a:osgeo:mapserver:4.10.1:::::::*
	cpe:2.3:a:osgeo:mapserver:4.10.2:::::::*
	cpe:2.3:a:osgeo:mapserver:4.10.3:::::::*
	cpe:2.3:a:osgeo:mapserver:5.0.0:::::::*
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta4::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta5::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:beta6::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:rc1::::::
	cpe:2.3:a:osgeo:mapserver:5.0.0:rc2::::::
	cpe:2.3:a:osgeo:mapserver:5.2.0:::::::*
	cpe:2.3:a:osgeo:mapserver:5.2.0:beta1::::::
	cpe:2.3:a:osgeo:mapserver:5.2.0:beta2::::::
	cpe:2.3:a:osgeo:mapserver:5.2.0:beta3::::::
	cpe:2.3:a:osgeo:mapserver:5.2.0:beta4::::::
	cpe:2.3:a:osgeo:mapserver:5.2.0:rc1::::::
	cpe:2.3:a:osgeo:mapserver:5.2.1:::::::*
	cpe:2.3:a:umn:mapserver:4.0:::::::*
	cpe:2.3:a:umn:mapserver:4.0:beta1::::::
	cpe:2.3:a:umn:mapserver:4.0:beta2::::::

History

No history.

Information

Published : 2009-03-31 18:24

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0839

Mitre link : CVE-2009-0839

CVE.ORG link : CVE-2009-0839

JSON object : View

Products Affected

umn

mapserver

osgeo

mapserver

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10