Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en Mapserver |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Mapserver < 4.10.3 |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en Mapserver 4.10.2 y anteriores. Las vulnerabilidades son descritas a continuación: - CVE-2007-4542: Se ha descubierto una vulnerabilidad de tipo Cross-Site Scripting. La vulnerabilidad reside en un error en la validación de la entrada y en el escape de la salida al manejar el template CGI. Un atacante remoto podría inyectar código arbitrario javaScript o HTML mediante métodos no especificados relacionados con la función "processLine()" del fichero "maptemplate.c" y la función "writeError()" del fichero "mapserv.c". - CVE-2007-4629: Se ha descubierto una vulnerabilidad de tipo desbordamiento de pila. La vulnerabilidad reside en un error en la comprobación de los límites al manejar el template. El error se encuentra en la función "processLine()" del fichero "maptemplate.c". Un atacante remoto podría ejecutar código arbitrario con privilegios del usuario "CGI" o "httpd" mediante un "mapfile" con un nombre de capa, un nombre de grupo o un nombre de entrada de metadato largo. |
|
Solución |
|
|
Actualización de software Debian (DSA-1539-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.dsc http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0.orig.tar.gz http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.diff.gz Architecture independent packages: http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_4.10.0-5.1+etch2_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_alpha.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_alpha.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_alpha.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_alpha.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_alpha.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_amd64.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_amd64.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_amd64.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_amd64.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_amd64.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_amd64.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_hppa.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_hppa.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_hppa.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_hppa.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_hppa.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_i386.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_i386.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_i386.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_i386.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_i386.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_ia64.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_ia64.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_ia64.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_ia64.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_ia64.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mips.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mips.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mips.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mips.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mips.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mipsel.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mipsel.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mipsel.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mipsel.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mipsel.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_powerpc.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_powerpc.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_powerpc.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_powerpc.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_powerpc.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_s390.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_s390.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_s390.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_s390.deb http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_s390.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_sparc.deb http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_sparc.deb http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_sparc.deb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_sparc.deb http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_sparc.deb http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2007-4542 CVE-2007-4629 |
| BID | 25582 |
Recursos adicionales |
|
|
Debian Security Advisory (DSA-1539-1) http://lists.debian.org/debian-security-announce/2008/msg00109.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2008-04-14 |