CVE-2009-2412high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
References
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup
http://secunia.com/advisories/36138
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735
http://www.securityfocus.com/bid/35949
http://secunia.com/advisories/36140
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732
http://www.mandriva.com/security/advisories?name=MDVSA-2009:195
http://www.ubuntu.com/usn/usn-813-2
http://secunia.com/advisories/36166
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html
http://secunia.com/advisories/36233
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://secunia.com/advisories/37152
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://secunia.com/advisories/37221
http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://www.vupen.com/english/advisories/2010/1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67908 | Oracle Linux 3 : httpd (ELSA-2009-1205) | Nessus | Oracle Linux Local Security Checks | critical |
| 67907 | Oracle Linux 4 / 5 : apr / apr-util (ELSA-2009-1204) | Nessus | Oracle Linux Local Security Checks | critical |
| 60636 | Scientific Linux Security Update : httpd on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 60635 | Scientific Linux Security Update : apr and apr-util on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 57603 | Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow | Nessus | Web Servers | critical |
| 50069 | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities | Nessus | Web Servers | high |
| 49877 | SuSE 10 Security Update : libapr1 (ZYPP Patch Number 6545) | Nessus | SuSE Local Security Checks | critical |
| 46217 | SuSE9 Security Update : Apache 2 (YOU Patch Number 12613) | Nessus | SuSE Local Security Checks | critical |
| 44719 | Debian DSA-1854-1 : apr, apr-util - heap buffer overflow | Nessus | Debian Local Security Checks | critical |
| 43776 | CentOS 5 : apr (CESA-2009:1204) | Nessus | CentOS Local Security Checks | critical |
| 43000 | Mandriva Linux Security Advisory : apr (MDVSA-2009:314) | Nessus | Mandriva Local Security Checks | critical |
| 800795 | Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5227 | Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 42434 | Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 42433 | Mac OS X Multiple Vulnerabilities (Security Update 2009-006) | Nessus | MacOS X Local Security Checks | critical |
| 42323 | openSUSE 10 Security Update : libapr-util1 (libapr-util1-6547) | Nessus | SuSE Local Security Checks | critical |
| 42236 | SuSE 10 Security Update : libapr (ZYPP Patch Number 6546) | Nessus | SuSE Local Security Checks | critical |
| 42234 | SuSE 11 Security Update : libapr (SAT Patch Number 1374) | Nessus | SuSE Local Security Checks | critical |
| 42232 | openSUSE Security Update : libapr-util1 (libapr-util1-1375) | Nessus | SuSE Local Security Checks | critical |
| 42229 | openSUSE Security Update : libapr-util1 (libapr-util1-1375) | Nessus | SuSE Local Security Checks | critical |
| 40911 | GLSA-200909-03 : Apache Portable Runtime, APR Utility Library: Execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 40543 | RHEL 3 : httpd (RHSA-2009:1205) | Nessus | Red Hat Local Security Checks | critical |
| 40542 | RHEL 4 / 5 : apr and apr-util (RHSA-2009:1204) | Nessus | Red Hat Local Security Checks | critical |
| 40532 | CentOS 3 : httpd (CESA-2009:1205) | Nessus | CentOS Local Security Checks | critical |
| 40531 | Ubuntu 8.04 LTS / 8.10 / 9.04 : apr-util vulnerability (USN-813-3) | Nessus | Ubuntu Local Security Checks | critical |
| 40530 | Ubuntu 6.06 LTS : apache2 vulnerability (USN-813-2) | Nessus | Ubuntu Local Security Checks | critical |
| 40529 | Ubuntu 8.04 LTS / 8.10 / 9.04 : apr vulnerability (USN-813-1) | Nessus | Ubuntu Local Security Checks | critical |
| 40517 | Fedora 10 : apr-1.3.8-1.fc10 (2009-8360) | Nessus | Fedora Local Security Checks | critical |
| 40516 | Fedora 11 : apr-util-1.3.9-1.fc11 (2009-8349) | Nessus | Fedora Local Security Checks | critical |
| 40514 | Fedora 11 : apr-1.3.8-1.fc11 (2009-8336) | Nessus | Fedora Local Security Checks | critical |
| 40513 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr-util (SSA:2009-219-03) | Nessus | Slackware Local Security Checks | critical |
| 40512 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr (SSA:2009-219-02) | Nessus | Slackware Local Security Checks | critical |
| 40509 | Mandriva Linux Security Advisory : apr (MDVSA-2009:195) | Nessus | Mandriva Local Security Checks | critical |
| 40505 | Fedora 10 : apr-util-1.3.9-1.fc10 (2009-8318) | Nessus | Fedora Local Security Checks | critical |