Vulnerability CVE-2009-2412


Published: 2009-08-06   Modified: 2010-08-21

Description:
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Type:

CWE-189

(Numeric Errors)

Vendor: Apache
Product: Apr-util 
Version:
1.3.8
1.3.7
1.3.6-dev
1.3.6
1.3.5
1.3.4-dev
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
0.9.9
0.9.8
0.9.7-dev
0.9.6
0.9.5
0.9.4
0.9.3-dev
0.9.3
0.9.2-dev
0.9.2
0.9.16
0.9.1
Product: Portable runtime 
Version:
1.3.8
1.3.7
1.3.6-dev
1.3.6
1.3.5
1.3.4-dev
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
0.9.9
0.9.8
0.9.7-dev
0.9.7
0.9.6
0.9.5
0.9.4
0.9.3-dev
0.9.3
0.9.2-dev
0.9.2
0.9.16-dev
0.9.1

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/35949
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2009/3184
http://www.ubuntu.com/usn/usn-813-2
http://www.mandriva.com/security/advisories?name=MDVSA-2009:195
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482
http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732
http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733
http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735
http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736
http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup
http://support.apple.com/kb/HT3937
http://secunia.com/advisories/37221
http://secunia.com/advisories/37152
http://secunia.com/advisories/36233
http://secunia.com/advisories/36166
http://secunia.com/advisories/36140
http://secunia.com/advisories/36138
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9958
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8394
http://osvdb.org/56766
http://osvdb.org/56765
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Related CVE
CVE-2017-7661
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF ...
CVE-2017-7662
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been...
CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
CVE-2017-5654
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
CVE-2016-6799
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica...
CVE-2017-3161
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Copyright 2017, cxsecurity.com