Ubuntu 6.06 LTS : apache2 vulnerability (USN-813-2)

Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr as provided by Apache on Ubuntu 6.06
LTS.

Matt Lewis discovered that apr did not properly sanitize its input
when allocating memory. If an application using apr processed crafted
input, a remote attacker could cause a denial of service or
potentially execute arbitrary code as the user invoking the
application.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 40530 ()

Bugtraq ID: 35949

CVE ID: CVE-2009-2412