Launchpad.net

CVE 2009-0839

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

Related bugs and status

CVE-2009-0839 (Candidate) is related to these bugs:

Bug #398814: security: anyone can make mapserv read or write arbitrary files

		In	Importance	Status
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Dapper)	Undecided	Won't Fix
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Hardy)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Intrepid)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Jaunty)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [mapserver-users] 2009...
MISC: http://www.positronsec...
CONFIRM: http://trac.osgeo.org/...
BID: 34306
SECTRACK: 1021952
SECUNIA: 34520
FEDORA: FEDORA-2009-3357
FEDORA: FEDORA-2009-3383
SECUNIA: 34603
DEBIAN: DSA-1914
BUGTRAQ: 20090330 Positron Secu...