MapServer Buffer Overflow And Unspecified Security Vulnerabilities Network Vulnerability

Summary

MapServer is prone to multiple remote vulnerabilities, including a buffer- overflow vulnerability and an unspecified security vulnerability affecting the CGI command-line debug arguments. An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application. Other attacks are also possible. Versions prior to MapServer 5.6.4 and 4.10.6 are vulnerable.

Solution

The vendor has released updates to address these issues. Please see the references for more information. UPDATE (June 22, 2009): Fixes for the buffer-overflow vulnerable tracked by CVE-2009-0840 are incomplete MapServer 4.10.4 and 5.2.2 may still be vulnerable to this issue.

References

http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html
http://mapserver.gis.umn.edu/
http://trac.osgeo.org/mapserver/ticket/3484
http://trac.osgeo.org/mapserver/ticket/3485
https://www.securityfocus.com/bid/41855

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2539, CVE-2010-2540

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alchemy Eye HTTP Command Execution
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Admin News Tools Multiple Vulnerabilities
Adobe ColdFusion Authentication Bypass Vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities

MapServer Buffer Overflow and Unspecified Security Vulnerabilities

Take action and discover your vulnerabilities