CVE-2009-3094LOW
Description
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
References
http://intevydis.com/vd-list.shtml
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://marc.info/?l=bugtraq&m=126998684522511&w=2
http://marc.info/?l=bugtraq&m=127557640302499&w=2
http://marc.info/?l=bugtraq&m=133355494609819&w=2
http://secunia.com/advisories/36549
http://secunia.com/advisories/37152
http://wiki.rpath.com/Advisories:rPSA-2009-0155
http://www.debian.org/security/2009/dsa-1934
http://www.intevydis.com/blog/?p=59
http://www.securityfocus.com/archive/1/508075/100/0/threaded
http://www.vupen.com/english/advisories/2010/0609
http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161
https://bugzilla.redhat.com/show_bug.cgi?id=521619
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
Details
Source: MITRE
Published: 2009-09-08
Updated: 2021-03-30
Type: NVD-CWE-Other
Risk Information
CVSS v2.0
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67959 | Oracle Linux 4 : httpd (ELSA-2009-1580) | Nessus | Oracle Linux Local Security Checks | high |
| 67958 | Oracle Linux 3 / 5 : httpd (ELSA-2009-1579) | Nessus | Oracle Linux Local Security Checks | high |
| 67074 | CentOS 4 : httpd (CESA-2009:1580) | Nessus | CentOS Local Security Checks | high |
| 67073 | CentOS 3 / 5 : httpd (CESA-2009:1579) | Nessus | CentOS Local Security Checks | high |
| 60695 | Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 50069 | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities | Nessus | Web Servers | high |
| 49826 | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572) | Nessus | SuSE Local Security Checks | high |
| 47168 | Fedora 11 : httpd-2.2.14-1.fc11 (2009-12747) | Nessus | Fedora Local Security Checks | high |
| 44799 | Debian DSA-1934-1 : apache2 - multiple issues | Nessus | Debian Local Security Checks | high |
| 44120 | Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-024-01) | Nessus | Slackware Local Security Checks | high |
| 43329 | Fedora 12 : httpd-2.2.14-1.fc12 (2009-12606) | Nessus | Fedora Local Security Checks | high |
| 43090 | Fedora 10 : httpd-2.2.14-1.fc10 (2009-12604) | Nessus | Fedora Local Security Checks | high |
| 43042 | Mandriva Linux Security Advisory : apache (MDVSA-2009:323) | Nessus | Mandriva Local Security Checks | high |
| 42858 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-860-1) | Nessus | Ubuntu Local Security Checks | high |
| 42470 | RHEL 4 : httpd (RHSA-2009:1580) | Nessus | Red Hat Local Security Checks | high |
| 42469 | RHEL 3 / 5 : httpd (RHSA-2009:1579) | Nessus | Red Hat Local Security Checks | high |
| 42319 | openSUSE 10 Security Update : apache2 (apache2-6576) | Nessus | SuSE Local Security Checks | high |
| 42253 | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571) | Nessus | SuSE Local Security Checks | high |
| 42252 | SuSE 11 Security Update : Apache 2 (SAT Patch Number 1417) | Nessus | SuSE Local Security Checks | high |
| 42248 | openSUSE Security Update : apache2 (apache2-1419) | Nessus | SuSE Local Security Checks | high |
| 42245 | openSUSE Security Update : apache2 (apache2-1419) | Nessus | SuSE Local Security Checks | high |
| 42243 | SuSE9 Security Update : Apache 2 (YOU Patch Number 12526) | Nessus | SuSE Local Security Checks | high |
| 42052 | Apache 2.2.x < 2.2.14 Multiple Vulnerabilities | Nessus | Web Servers | high |
| 800574 | Apache < 2.2.14 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 5196 | Apache < 2.2.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 41049 | Mandriva Linux Security Advisory : apache (MDVSA-2009:240) | Nessus | Mandriva Local Security Checks | high |