Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2704

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-2704
Last Modified 05 Aug 2011 12:00:00
Published 01 Aug 2011 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2704

Summary

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

Vulnerable Systems

Application

  • Umn Mapserver 4.10

  • Umn Mapserver 4.10.0

  • Umn Mapserver 4.10.1

  • Umn Mapserver 4.10.2

  • Umn Mapserver 4.10.3

  • Umn Mapserver 4.10.4

  • Umn Mapserver 4.10.5

  • Umn Mapserver 4.10.6

  • Umn Mapserver 4.2

  • Umn Mapserver 4.4.0

  • Umn Mapserver 4.6.0

  • Umn Mapserver 4.8

  • Umn Mapserver 5.0.0

  • Umn Mapserver 5.2.0

  • Umn Mapserver 5.2.1

  • Umn Mapserver 5.2.2

  • Umn Mapserver 5.2.3

  • Umn Mapserver 5.4.0

  • Umn Mapserver 5.4.1

  • Umn Mapserver 5.4.2

  • Umn Mapserver 5.6.0

  • Umn Mapserver 5.6.1

  • Umn Mapserver 5.6.3

  • Umn Mapserver 5.6.4

  • Umn Mapserver 5.6.5

  • Umn Mapserver 5.6.6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=723293

MLIST - [oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

MLIST - [oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

CONFIRM - http://trac.osgeo.org/mapserver/ticket/3903

MLIST - [mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes

XF - mapserver-ogc-bo(68719)

BID - 48720

DEBIAN - DSA-2285

SECUNIA - 45368

SECUNIA - 45257


Last Updated: 27 May 2016 10:57:05