Source: Ubuntu CVE tracker (Ubuntu.com), UB:CVE-2009-2412
History: Aug 06, 2009 - 12:00 a.m.

CVE-2009-2412


CVSS2: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.148
Percentile: 95.8%

Multiple integer overflows in the Apache Portable Runtime (APR) library and
the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via vectors that trigger crafted calls to
the (1) allocator_alloc or (2) apr_palloc function in
memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc,
(4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in
APR-util; leading to buffer overflows. NOTE: some of these details are
obtained from third party information.

Notes

Author: jdstrand
Note: apache2 on hardy and higher uses system apr and apr-util

OS      OS version  Architecture  Package   Package version            Filename
ubuntu  6.06        noarch        apache2   < 2.0.55-4ubuntu2.7        UNKNOWN
ubuntu  8.04        noarch        apr       < 1.2.11-1ubuntu0.1        UNKNOWN
ubuntu  8.10        noarch        apr       < 1.2.12-4ubuntu0.1        UNKNOWN
ubuntu  9.04        noarch        apr       < 1.2.12-5ubuntu0.1        UNKNOWN
ubuntu  8.04        noarch        apr-util  < 1.2.12+dfsg-3ubuntu0.2   UNKNOWN
ubuntu  8.10        noarch        apr-util  < 1.2.12+dfsg-7ubuntu0.3   UNKNOWN
ubuntu  9.04        noarch        apr-util  < 1.2.12+dfsg-8ubuntu0.3   UNKNOWN
