Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2079-1
HistoryJul 31, 2010 - 12:00 a.m.

mapserver - arbitrary code execution

2010-07-3100:00:00
Google
osv.dev
5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

81.1%

JSON

Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2010-2539
    A stack-based buffer overflow in the msTmpFile function might lead to
    arbitrary code execution under some conditions.
  • CVE-2010-2540
    It was discovered that the CGI debug command-line arguments which are
    enabled by default are insecure and may allow a remote attacker to
    execute arbitrary code. Therefore they have been disabled by default.

For the stable distribution (lenny), this problem has been fixed in
version 5.0.3-3+lenny5.

For the testing distribution (squeeze), this problem has been fixed in
version 5.6.4-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.4-1.

We recommend that you upgrade your mapserver packages.

CPENameOperatorVersion
mapservereq5.0.3-3
mapservereq5.0.3-3+lenny4

Related

fedora 2
securityvulns 2
openvas 7
debian 1
nessus 3
prion 2
cve 2
ubuntucve 2
debiancve 2
fedora
fedora
[SECURITY] Fedora 13 Update: mapserver-5.6.5-1.fc13
2010-08-26 01:00:42
[SECURITY] Fedora 14 Update: mapserver-5.6.7-1.fc14
2011-08-02 02:00:49
securityvulns
securityvulns
[SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
2010-08-14 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-08-14 00:00:00
openvas
openvas
Fedora Update for mapserver FEDORA-2011-9555
2011-08-12 00:00:00
MapServer < 4.10.6, 5.x < 5.6.4 Multiple Vulnerabilities
2010-08-02 00:00:00
Debian Security Advisory DSA 2078-1 (mapserver)
2010-08-21 00:00:00
debian
debian
[SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution
2010-07-31 16:43:20
nessus
nessus
Fedora 13 : mapserver-5.6.5-1.fc13 (2010-12266)
2010-08-26 00:00:00
Debian DSA-2079-1 : mapserver - several vulnerabilities
2010-08-03 00:00:00
MapServer Insecure MapServ CGI Command-line Debug Args
2010-07-27 00:00:00
prion
prion
Command injection
2010-08-02 22:00:00
Buffer overflow
2010-08-02 22:00:00
cve
cve
CVE-2010-2540
2010-08-02 22:00:00
CVE-2010-2539
2010-08-02 22:00:00
ubuntucve
ubuntucve
CVE-2010-2540
2010-08-02 00:00:00
CVE-2010-2539
2010-08-02 00:00:00
debiancve
debiancve
CVE-2010-2540
2010-08-02 22:00:00
CVE-2010-2539
2010-08-02 22:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

81.1%

JSON
Related for OSV:DSA-2079-1
fedora2securityvulns2openvas7debian1nessus3prion2cve2ubuntucve2debiancve2