Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2009-0843
Last Modified 27 Oct 2009 01:24:10
Published 31 Mar 2009 02:24:45
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0843

Summary

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.

Vulnerable Systems

Application

  • Umn Mapserver 4.0
  • Umn Mapserver 4.10
  • Umn Mapserver 4.10.0
  • Umn Mapserver 4.10.1
  • Umn Mapserver 4.10.2
  • Umn Mapserver 4.10.3
  • Umn Mapserver 4.2
  • Umn Mapserver 4.4.0
  • Umn Mapserver 4.6.0
  • Umn Mapserver 4.8
  • Umn Mapserver 5.0.0
  • Umn Mapserver 5.2.0
  • Umn Mapserver 5.2.1

References

MLIST - [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes

FEDORA - FEDORA-2009-3383

FEDORA - FEDORA-2009-3357

SECTRACK - 1021952

BID - 34306

BUGTRAQ - 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3

MISC - http://www.positronsecurity.com/advisories/2009-000.html

DEBIAN - DSA-1914

CONFIRM - http://trac.osgeo.org/mapserver/ticket/2939

SECUNIA - 34603

SECUNIA - 34520


Last Updated: 27 May 2016 10:50:22