This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr)
and relocatable memory (apr-util) management
Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in the way the Apache Portable Runtime (APR)
manages memory pool and relocatable memory allocations. An attacker
could use these flaws to issue a specially-crafted request for memory
allocation, which would lead to a denial of service (application
crash) or, potentially, execute arbitrary code with the privileges of
an application using the APR libraries. (CVE-2009-2412)
Applications using the APR libraries, such as httpd, must be restarted
for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60635 ()
CVE ID: CVE-2009-2412