Detections
Analytics

Debian DSA-2079-1 : mapserver - several vulnerabilities

critical Nessus Plugin ID 48222

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems :

 - CVE-2010-2539 A stack-based buffer overflow in the msTmpFile function might lead to arbitrary code execution under some conditions.

 - CVE-2010-2540 It was discovered that the CGI debug command-line arguments which are enabled by default are insecure and may allow a remote attacker to execute arbitrary code.
 Therefore they have been disabled by default.

Solution

Upgrade the mapserver packages.

For the stable distribution (lenny), this problem has been fixed in version 5.0.3-3+lenny5.

See Also

https://security-tracker.debian.org/tracker/CVE-2010-2539

https://security-tracker.debian.org/tracker/CVE-2010-2540

https://www.debian.org/security/2010/dsa-2079

Plugin Details

Severity: Critical

ID: 48222

File Name: debian_DSA-2079.nasl

Version: 1.11

Type: local

Agent: unix

Published: 8/3/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mapserver, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/31/2010

Reference Information

CVE: CVE-2010-2539, CVE-2010-2540

BID: 41855

DSA: 2079