Summary
MapServer is prone to multiple remote vulnerabilities, including a buffer- overflow vulnerability and an unspecified security vulnerability affecting the CGI command-line debug arguments.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application.
Other attacks are also possible.
Versions prior to MapServer 5.6.4 and 4.10.6 are vulnerable.
Solution
The vendor has released updates to address these issues. Please see the references for more information.
UPDATE (June 22, 2009): Fixes for the buffer-overflow vulnerable tracked by CVE-2009-0840 are incomplete
MapServer 4.10.4 and 5.2.2
may still be vulnerable to this issue.
References
Severity
Classification
-
CVE CVE-2010-2539, CVE-2010-2540 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- AstroSPACES profile.php SQL Injection Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability