Summary
The host is installed with Apache APR and APR-Util and is prone to multiple Integer Overflow vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Apache APR version 1.3.8 or APR-util version 1.3.9 (http://apr.apache.org/download.cgi),
or
apply the patches for Apache APR 0.9.x or Apache APR-util 0.9.x: http://www.apache.org/dist/apr/patches/apr-0.9-CVE-2009-2412.patch and http://www.apache.org/dist/apr/patches/apr-util-0.9-CVE-2009-2412.patch
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
- In APR, an integer overflow occurs when crafted calls to the allocator_alloc or apr_palloc function in memory/unix/apr_pools.c are triggered.
- In APR-util, an integer overflow occurs in the apr_rmm_malloc, apr_rmm_calloc or apr_rmm_realloc function in misc/apr_rmm.c while aligning relocatable memory blocks.
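The arithmetic behind both bullets is size alignment that wraps around: rounding a request up to the allocator's boundary can overflow size_t and yield a tiny "aligned" size, so the allocator hands back far less memory than was requested. The following is an added illustration, not code from this advisory or from APR itself; the APR_ALIGN macro mirrors the one in APR's headers, while the two helper functions and the constructed request size are mine. The checked variant shows the kind of guard the fixed versions rely on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment macro as found in APR's apr_general.h: rounds size up to a
 * multiple of boundary (boundary must be a power of two). */
#define APR_ALIGN(size, boundary) \
    (((size) + ((boundary) - 1)) & ~((boundary) - 1))
#define APR_ALIGN_DEFAULT(size) APR_ALIGN(size, 8)

/* Unchecked rounding: the pattern the affected allocators trusted.
 * For in_size close to SIZE_MAX the addition wraps, so the "aligned"
 * result is smaller than the request and the buffer is undersized. */
size_t align_unchecked(size_t in_size)
{
    return APR_ALIGN_DEFAULT(in_size);
}

/* Checked rounding: rounding up can never make a value smaller, so a
 * result below the request proves the wraparound. Returns 1 and stores
 * the aligned size, or returns 0 when the request must be refused
 * (an allocator would return NULL here instead of under-allocating). */
int align_checked(size_t in_size, size_t *out_size)
{
    size_t size = APR_ALIGN_DEFAULT(in_size);
    if (size < in_size) {
        return 0;
    }
    *out_size = size;
    return 1;
}

int main(void)
{
    size_t req = SIZE_MAX - 3;   /* constructed request, not a real workload */
    size_t aligned = 0;

    /* SIZE_MAX - 3 + 7 wraps to 3, and 3 & ~7 is 0: a zero-byte allocation. */
    printf("unchecked: %zu -> %zu\n", req, align_unchecked(req));

    if (!align_checked(req, &aligned))
        printf("checked: request of %zu rejected (alignment wrapped)\n", req);
    if (align_checked(100, &aligned))
        printf("checked: 100 -> %zu\n", aligned);
    return 0;
}
```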
Affected
Apache APR version 0.9.x and 1.3.x before 1.3.8
Apache APR-Utils version 0.9.x and 1.3.x before 1.3.9
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-2412
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C