Lucene search

DebianDEBIAN:DSA-2140-1:769DD

HistoryJan 05, 2011 - 9:32 p.m.

[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow

2011-01-0521:32:41

lists.debian.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.3%

JSON

Debian Security Advisory DSA-2140-1 [email protected]
http://www.debian.org/security/ Stefan Fritsch
January 05, 2011 http://www.debian.org/security/faq

Package : libapache2-mod-fcgid
Vulnerability : stack overflow
Problem type : local
Debian-specific: no
CVE ID : CVE-2010-3872

A vulnerability has been found in Apache mod_fcgid.
The Common Vulnerabilities and Exposures project identifies the
following problem:

CVE-2010-3872

A stack overflow could allow an untrusted FCGI application to cause
a server crash or possibly to execute arbitrary code as the user
running the web server.

For the stable distribution (lenny), this problem has been fixed
in version 2.2-1+lenny1.

For the unstable distribution (sid), and the testing distribution
(squeeze), this problem has been fixed in version 2.3.6-1.

We recommend that you upgrade your libapache2-mod-fcgid packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5hppalibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_hppa.deb
Debian5powerpclibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_powerpc.deb
Debian5armellibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_armel.deb
Debian5alllibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_all.deb
Debian5sparclibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_sparc.deb
Debian5s390libapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_s390.deb
Debian5armlibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_arm.deb
Debian5ia64libapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_ia64.deb
Debian5mipslibapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_mips.deb
Debian5i386libapache2-mod-fcgid< 1:2.2-1+lenny1libapache2-mod-fcgid_1:2.2-1+lenny1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	hppa	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_hppa.deb
Debian	5	powerpc	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_powerpc.deb
Debian	5	armel	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_armel.deb
Debian	5	all	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_all.deb
Debian	5	sparc	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_sparc.deb
Debian	5	s390	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_s390.deb
Debian	5	arm	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_arm.deb
Debian	5	ia64	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_ia64.deb
Debian	5	mips	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_mips.deb
Debian	5	i386	libapache2-mod-fcgid	< 1:2.2-1+lenny1	libapache2-mod-fcgid_1:2.2-1+lenny1_i386.deb