Launchpad.net

CVE 2009-0842

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.

Related bugs and status

CVE-2009-0842 (Candidate) is related to these bugs:

Bug #398814: security: anyone can make mapserv read or write arbitrary files

		In	Importance	Status
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Dapper)	Undecided	Won't Fix
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Hardy)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Intrepid)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Jaunty)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [mapserver-users] 2009...
MISC: http://www.positronsec...
CONFIRM: http://trac.osgeo.org/...
BID: 34306
SECTRACK: 1021952
SECUNIA: 34520
FEDORA: FEDORA-2009-3357
FEDORA: FEDORA-2009-3383
SECUNIA: 34603
DEBIAN: DSA-1914
BUGTRAQ: 20090330 Positron Secu...