Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-0419
Last Modified: 15 Nov 2013 12:31:32
Published: 16 May 2011 01:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-0419

Summary

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

Vulnerable Systems

Operating System

  • Apple Mac OS X 10.6.0
  • FreeBSD
  • Google Android
  • NetBSD 5.1
  • OpenBSD 4.8
  • Oracle Solaris 10

Application

  • Apache HTTP Server: 0.8.11, 0.8.14, 1.0, 1.0.2, 1.0.3, 1.0.5, 1.1, 1.1.1, 1.2, 1.2.4, 1.2.5, 1.2.6, 1.2.9, 1.3, 1.3.0, 1.3.1, 1.3.1.1, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.2, 1.3.20, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27, 1.3.28, 1.3.29, 1.3.3, 1.3.30, 1.3.31, 1.3.32, 1.3.33, 1.3.34, 1.3.35, 1.3.36, 1.3.37, 1.3.38, 1.3.39, 1.3.4, 1.3.41, 1.3.42, 1.3.5, 1.3.6, 1.3.65, 1.3.68, 1.3.7, 1.3.8, 1.3.9, 1.4.0, 1.99, 2.0, 2.0.28, 2.0.32, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53, 2.0.54, 2.0.55, 2.0.56, 2.0.57, 2.0.58, 2.0.59, 2.0.60, 2.0.61, 2.0.63, 2.0.9, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2, 2.2.0, 2.2.1, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.2, 2.2.3, 2.2.4, 2.2.6, 2.2.8, 2.2.9
  • Apache Portable Runtime: 0.9.1, 0.9.16-dev, 0.9.2, 0.9.2-dev, 0.9.3, 0.9.3-dev, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.7-dev, 0.9.8, 0.9.9, 1.3.0, 1.3.1, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.2, 1.3.3, 1.3.4, 1.3.4-dev, 1.3.5, 1.3.6, 1.3.6-dev, 1.3.7, 1.3.8, 1.3.9, 1.4.0, 1.4.1, 1.4.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=703390

CONFIRM - http://www.apache.org/dist/httpd/Announcement2.2.html

CONFIRM - http://www.apache.org/dist/apr/Announcement1.x.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1098799

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1098188

CONFIRM - http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902

MISC - http://cxib.net/stuff/apache.fnmatch.phps

REDHAT - RHSA-2011:0897

REDHAT - RHSA-2011:0896

REDHAT - RHSA-2011:0507

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15

MANDRIVA - MDVSA-2011:084

MLIST - [dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released

MLIST - [dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released

MLIST - [dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3

DEBIAN - DSA-2237

CONFIRM - http://www.apache.org/dist/apr/CHANGES-APR-1.4

CONFIRM - http://support.apple.com/kb/HT5002

SECTRACK - 1025527

SREASON - 8246

SREASONRES - 20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)

SECUNIA - 44574

SECUNIA - 44564

SECUNIA - 44490

HP - HPSBUX02707

HP - SSRT100626

HP - HPSBUX02702

HP - SSRT100606

APPLE - APPLE-SA-2011-10-12-3

CONFIRM - http://httpd.apache.org/security/vulnerabilities_22.html

MISC - http://cxib.net/stuff/apr_fnmatch.txts

CONFIRM - http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22

HP - HPSBMU02704

SUSE - SUSE-SU-2011:1229

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

HP - HPSBOV02822

HP - SSRT100966

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

MANDRIVA - MDVSA-2013:150

Related Patches

Apple 2011-10-12 Mac OS X 10.7.2 Combo Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Update

Apple 2011-10-12 Mac OS X 10.7.2 Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Combo Update

Novell SUSE 2011:7610 libapr1 security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:58:03