CVE-2010-3872: stack buffer overwrite
Bug #698060 reported by Felix Geyer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Apache 2 mod_fcgid | Fix Released | Critical | | |
| libapache2-mod-fcgid (Debian) | Fix Released | Unknown | | |
| libapache2-mod-fcgid (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Hardy | Fix Released | Undecided | Steve Beattie | |
| Karmic | Fix Released | Undecided | Steve Beattie | |
| Lucid | Fix Released | Undecided | Steve Beattie | |
| Maverick | Fix Released | Undecided | Steve Beattie | |
Bug Description
Binary package hint: libapache2-
> The apr_status_t fcgid_header_
> fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does
> not use bytewise pointer arithmetic in certain circumstances,
> which has unknown impact and attack vectors related to
> "untrusted FastCGI applications" and a "stack buffer overwrite."
The bug is fixed by this upstream commit:
https:/
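The bug class the CVE text names, pointer arithmetic scaled by the element size where a byte offset was intended, shown as an added model that is not mod_fcgid's code or the upstream patch. The `rec_header` and `frame` types, the function names, the sample bytes and the assumption that the header arrives over several reads are all hypothetical; writes land in a guard area inside one object, so the overrun is counted rather than performed on the real stack.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical 8-byte record header; not mod_fcgid's definition. */
typedef struct { unsigned char b[8]; } rec_header;

/* Header plus guard bytes, so a misplaced write stays inside one object
 * and can be counted instead of corrupting the real stack. */
typedef struct { rec_header hdr; unsigned char guard[64]; } frame;

/* Byte offset of the next write once `got` header bytes have arrived.
 * scaled != 0 models `hdr + got`, which advances got * sizeof(rec_header);
 * scaled == 0 models `(unsigned char *)hdr + got`, which advances got. */
static size_t write_offset(size_t got, int scaled)
{
    return scaled ? got * sizeof(rec_header) : got;
}

/* Copy a header from src in reads of at most `chunk` bytes.
 * Returns how many bytes were written outside f->hdr. */
size_t fill_header(frame *f, const unsigned char *src, size_t chunk, int scaled)
{
    unsigned char *base = (unsigned char *)f;
    size_t got = 0, outside = 0;
    memset(f, 0, sizeof *f);
    if (chunk == 0) return 0;
    while (got < sizeof f->hdr) {
        size_t n = sizeof f->hdr - got;
        size_t off = write_offset(got, scaled);
        if (n > chunk) n = chunk;
        if (off + n > sizeof *f)   /* keep the model itself in bounds */
            break;
        memcpy(base + off, src + got, n);
        if (off + n > sizeof f->hdr)
            outside += (off >= sizeof f->hdr) ? n : off + n - sizeof f->hdr;
        got += n;
    }
    return outside;
}

/* Constructed sample input: eight distinct header bytes. */
static const unsigned char SAMPLE[8] = {1, 2, 3, 4, 5, 6, 7, 8};

/* 1 if the header in f holds exactly SAMPLE. */
int header_intact(const frame *f)
{
    return memcmp(f->hdr.b, SAMPLE, sizeof SAMPLE) == 0;
}

int main(void) { frame f; return fill_header(&f, SAMPLE, 1, 0) != 0; }
```

A single full-size read gives the same result in both modes, so a test that never splits the header across reads will not expose the scaled form.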
visibility: private → public
Changed in libapache2-mod-fcgid (Debian):
status: Unknown → Fix Released
Changed in mod-fcgid:
importance: Unknown → Critical
status: Unknown → Fix Released
Version 2.3.6 already is in natty.