
CVE-2009-2412

Status Candidate

Overview

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Related Files

Mandriva Linux Security Advisory 2009-314
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-314 - Multiple security vulnerabilities have been identified and fixed in apr and apr-util.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2412, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956
SHA-256 | 5a55dc7a21bb7948a31b389923144cacd08f07e3b91a30ff0c39089032a635bf
Gentoo Linux Security Advisory 200909-3
Posted Sep 10, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-03 - Multiple integer overflows in the Apache Portable Runtime and its Utility Library might allow for the remote execution of arbitrary code. Matt Lewis reported multiple integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Versions less than 1.3.8 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, unix, gentoo
advisories | CVE-2009-2412
SHA-256 | e025791469b883b31e8662ca33b485721cffa7a61392bcb66f5cc709573df1a8
Debian Linux Security Advisory 1854-1
Posted Aug 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1854-1 - Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which is smaller than requested, resulting in a heap overflow and possibly arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-2412
SHA-256 | e54e6a6aa34c4763920eaf4d1c189495881575c78b71087121c170ba95aa79a3
Subversion Heap Overflows
Posted Aug 11, 2009
Authored by Matt Lewis

Subversion clients and servers, versions 1.6.0 through 1.6.3 and all versions prior to 1.5.7 suffer from several heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2009-2411, CVE-2009-2412
SHA-256 | 5fb21fd196a47fa32c9f15781dc6291a103c336a288af6ec506249d1ea6ca4a5
Ubuntu Security Notice 813-3
Posted Aug 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-813-3 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-2412
SHA-256 | a66bcad1d5b347e9c1508af29c81788f84378ee970957436e3d17b7879b48460
Ubuntu Security Notice 813-2
Posted Aug 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-813-2 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-2412
SHA-256 | 1baed221a5a1b81cd2b58835a729530c1b4518db9c82892766ecb7a4f5236762
Ubuntu Security Notice 813-1
Posted Aug 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-813-1 - Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-2412
SHA-256 | e9c60c6687e44151935903cf7df6706d95e898506cd5109483cdafb67fbe616f
Mandriva Linux Security Advisory 2009-195
Posted Aug 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-195-1 - Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. This update provides fixes for these vulnerabilities. apr-util packages were missing for Mandriva Enterprise Server 5 i586; this has been addressed with this update.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, unix, mandriva
advisories | CVE-2009-2412
SHA-256 | e19e12dfa374019271c826c77738cc19daeb2cb161a5a0018a0d7f70da9128ce
Mandriva Linux Security Advisory 2009-195
Posted Aug 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-195 - A vulnerability has been identified and corrected in apr and apr-util. This update provides fixes for these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2412
SHA-256 | 65a23f9e0b8882b8afe1e667bae3c05d6ad58e8e697a8011a4920ea95ebf1171
© 2024 Packet Storm. All rights reserved.
