Apache mod_fcgid Module fcgid_header_bucket_read() Function Remote Stack Buffer Overflow

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is at risk of a buffer overflow attack.

Description :

According to its self-reported banner, the Apache web server listening
on this port includes a version of the mod_fcgid module earlier than
2.3.6. As such, it has a stack-based buffer overflow vulnerability
because of an error in the pointer arithmetic used in the
'fcgid_header_bucket_read()' function.

An unauthenticated, remote attacker can leverage this with a specially
crafted request to overwrite data on the stack, leading to an
application crash or possibly even arbitrary code execution subject to
the privileges under which the web server operates.

See also :

https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
http://www.nessus.org/u?012dfc54

Solution :

Update to version 2.3.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 54607 ()

Bugtraq ID: 44900

CVE ID: CVE-2010-3872