Lucene search
RootSSV:2202HistorySep 11, 2007 - 12:00 a.m.
MapServer远程栈溢出及跨站脚本漏洞
2007-09-1100:00:00
Root
www.seebug.org
11
0.019 Low
EPSS
Percentile
88.7%
BUGTRAQ ID: 25582
CVE(CAN) ID: CVE-2007-4542,CVE-2007-4629
MapServer是一个开源的开发环境,是基于CGI的通过万维网来传输动态GIS与图像的应用程序。
MapServer处理用户数据时存在多个安全漏洞,远程攻击者可能利用此漏洞导致缓冲区溢出或跨站脚本执行。
MapServer的maptemplate.c文件中的processLine()函数及mapserv.c文件中的writeError()函数没有正确验证某些参数便返回给了用户,这允许远程攻击者通过跨站脚本攻击注入并执行任意HTML和脚本代码。
MapServer的maptemplate.c文件中的processLine()函数还存在栈溢出漏洞。如果用户受骗打开的地图文件中层、组或元数据项的名称超过了5120字节的话,就可能触发这个溢出,导致拒绝服务或执行任意指令。
University of Minnesota MapServer 4.10.2
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://download.osgeo.org/mapserver/mapserver-4.10.3.tar.gz” target=“_blank”>http://download.osgeo.org/mapserver/mapserver-4.10.3.tar.gz</a>
Related
openvas
openvas
Debian Security Advisory DSA 1539-1 (mapserver)
2008-04-21 00:00:00
Fedora Update for mapserver FEDORA-2007-2018
2009-02-27 00:00:00
Fedora Update for mapserver FEDORA-2007-2018
2009-02-27 00:00:00
nessus
nessus
Debian DSA-1539-1 : mapserver - several vulnerabilities
2008-04-11 00:00:00
Fedora 7 : mapserver-4.10.3-2.fc7 (2007-2018)
2007-11-06 00:00:00
MapServer Multiple Remote Vulnerabilities
2007-09-10 00:00:00
debian
debian
[SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities
2008-04-04 20:45:38
fedora
fedora
[SECURITY] Fedora 7 Update: mapserver-4.10.3-2.fc7
2007-09-04 22:14:11
osv
osv
mapserver - multiple vulnerabilities
2008-04-04 00:00:00
cve
cve
CVE-2007-4629
2007-08-31 01:17:00
CVE-2007-4542
2007-08-27 21:17:00
debiancve
debiancve
CVE-2007-4629
2007-08-31 01:17:00
CVE-2007-4542
2007-08-27 21:17:00
nvd
nvd
CVE-2007-4629
2007-08-31 01:17:00
CVE-2007-4542
2007-08-27 21:17:00
cvelist
cvelist
CVE-2007-4629
2007-08-31 01:00:00
CVE-2007-4542
2007-08-27 21:00:00
ubuntucve
ubuntucve
CVE-2007-4629
2007-08-31 00:00:00
CVE-2007-4542
2007-08-27 00:00:00
prion
prion
Buffer overflow
2007-08-31 01:17:00
Cross site scripting
2007-08-27 21:17:00