CVE-2009-2412

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

References

http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736

http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup

http://secunia.com/advisories/36138

http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup

http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733

http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup

http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735

http://www.securityfocus.com/bid/35949

http://secunia.com/advisories/36140

http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup

http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732

http://www.mandriva.com/security/advisories?name=MDVSA-2009:195

http://osvdb.org/56766

http://osvdb.org/56765

http://www.ubuntu.com/usn/usn-813-2

http://secunia.com/advisories/36166

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html

http://secunia.com/advisories/36233

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html

http://secunia.com/advisories/37152

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://support.apple.com/kb/HT3937

http://www.vupen.com/english/advisories/2009/3184

http://secunia.com/advisories/37221

http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225

http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://www.vupen.com/english/advisories/2010/1107

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a4[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2009-08-06

Updated: 2021-06-06

Type: CWE-189

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*

cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
67908Oracle Linux 3 : httpd (ELSA-2009-1205)NessusOracle Linux Local Security Checks
critical
67907Oracle Linux 4 / 5 : apr / apr-util (ELSA-2009-1204)NessusOracle Linux Local Security Checks
critical
60636Scientific Linux Security Update : httpd on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60635Scientific Linux Security Update : apr and apr-util on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
57603Apache 2.2.x < 2.2.13 APR apr_palloc Heap OverflowNessusWeb Servers
critical
50069Apache 2.0.x < 2.0.64 Multiple VulnerabilitiesNessusWeb Servers
high
49877SuSE 10 Security Update : libapr1 (ZYPP Patch Number 6545)NessusSuSE Local Security Checks
critical
46217SuSE9 Security Update : Apache 2 (YOU Patch Number 12613)NessusSuSE Local Security Checks
critical
44719Debian DSA-1854-1 : apr, apr-util - heap buffer overflowNessusDebian Local Security Checks
critical
43776CentOS 5 : apr (CESA-2009:1204)NessusCentOS Local Security Checks
critical
43000Mandriva Linux Security Advisory : apr (MDVSA-2009:314)NessusMandriva Local Security Checks
critical
800795Mac OS X 10.6 < 10.6.2 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5227Mac OS X 10.6 < 10.6.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
42434Mac OS X 10.6.x < 10.6.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
42433Mac OS X Multiple Vulnerabilities (Security Update 2009-006)NessusMacOS X Local Security Checks
critical
42323openSUSE 10 Security Update : libapr-util1 (libapr-util1-6547)NessusSuSE Local Security Checks
critical
42236SuSE 10 Security Update : libapr (ZYPP Patch Number 6546)NessusSuSE Local Security Checks
critical
42234SuSE 11 Security Update : libapr (SAT Patch Number 1374)NessusSuSE Local Security Checks
critical
42232openSUSE Security Update : libapr-util1 (libapr-util1-1375)NessusSuSE Local Security Checks
critical
42229openSUSE Security Update : libapr-util1 (libapr-util1-1375)NessusSuSE Local Security Checks
critical
40911GLSA-200909-03 : Apache Portable Runtime, APR Utility Library: Execution of arbitrary codeNessusGentoo Local Security Checks
critical
40543RHEL 3 : httpd (RHSA-2009:1205)NessusRed Hat Local Security Checks
critical
40542RHEL 4 / 5 : apr and apr-util (RHSA-2009:1204)NessusRed Hat Local Security Checks
critical
40532CentOS 3 : httpd (CESA-2009:1205)NessusCentOS Local Security Checks
critical
40531Ubuntu 8.04 LTS / 8.10 / 9.04 : apr-util vulnerability (USN-813-3)NessusUbuntu Local Security Checks
critical
40530Ubuntu 6.06 LTS : apache2 vulnerability (USN-813-2)NessusUbuntu Local Security Checks
critical
40529Ubuntu 8.04 LTS / 8.10 / 9.04 : apr vulnerability (USN-813-1)NessusUbuntu Local Security Checks
critical
40517Fedora 10 : apr-1.3.8-1.fc10 (2009-8360)NessusFedora Local Security Checks
critical
40516Fedora 11 : apr-util-1.3.9-1.fc11 (2009-8349)NessusFedora Local Security Checks
critical
40514Fedora 11 : apr-1.3.8-1.fc11 (2009-8336)NessusFedora Local Security Checks
critical
40513Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr-util (SSA:2009-219-03)NessusSlackware Local Security Checks
critical
40512Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr (SSA:2009-219-02)NessusSlackware Local Security Checks
critical
40509Mandriva Linux Security Advisory : apr (MDVSA-2009:195)NessusMandriva Local Security Checks
critical
40505Fedora 10 : apr-util-1.3.9-1.fc10 (2009-8318)NessusFedora Local Security Checks
critical