Debian Local Security Checks : Debian Security Advisory DSA 2078-1 (mapserver)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.67834

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 2078-1 (mapserver)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing an update to mapserver
announced via advisory DSA 2078-1.

Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2539

A stack-based buffer overflow in the msTmpFile function might lead to
arbitrary code execution under some conditions.

CVE-2010-2540

It was discovered that the CGI debug command-line arguments which are
enabled by default are insecure and may allow a remote attacker to
execute arbitrary code. Therefore they have been disabled by default.

For the stable distribution (lenny), this problem has been fixed in
version 5.0.3-3+lenny5.

For the testing distribution (squeeze), this problem has been fixed in
version 5.6.4-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.4-1.

We recommend that you upgrade your mapserver packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%202078-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-2539
BugTraq ID: 41855
http://www.securityfocus.com/bid/41855
http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html
http://marc.info/?l=oss-security&m=127973381215859&w=2
http://marc.info/?l=oss-security&m=127973754121922&w=2
XForce ISS Database: mapserver-mstmpfile-bo(60851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60851
Common Vulnerability Exposure (CVE) ID: CVE-2010-2540
XForce ISS Database: mapserver-cgi-code-execution(60852)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60852

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.67834
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2078-1 (mapserver)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to mapserver announced via advisory DSA 2078-1. Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2539 A stack-based buffer overflow in the msTmpFile function might lead to arbitrary code execution under some conditions. CVE-2010-2540 It was discovered that the CGI debug command-line arguments which are enabled by default are insecure and may allow a remote attacker to execute arbitrary code. Therefore they have been disabled by default. For the stable distribution (lenny), this problem has been fixed in version 5.0.3-3+lenny5. For the testing distribution (squeeze), this problem has been fixed in version 5.6.4-1. For the unstable distribution (sid), this problem has been fixed in version 5.6.4-1. We recommend that you upgrade your mapserver packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202078-1 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2539 BugTraq ID: 41855 http://www.securityfocus.com/bid/41855 http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html http://marc.info/?l=oss-security&m=127973381215859&w=2 http://marc.info/?l=oss-security&m=127973754121922&w=2 XForce ISS Database: mapserver-mstmpfile-bo(60851) https://exchange.xforce.ibmcloud.com/vulnerabilities/60851 Common Vulnerability Exposure (CVE) ID: CVE-2010-2540 XForce ISS Database: mapserver-cgi-code-execution(60852) https://exchange.xforce.ibmcloud.com/vulnerabilities/60852
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com