Vulnerability CVE-2011-0419


Published: 2011-05-16   Modified: 2012-02-13

Description:
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Maksymilian Arci...
13.05.2011
Med.
Apache 2.2.17 mod_autoindex local/remote Denial of Service
Maksymilian Arci...
13.05.2011

Type:

CWE-399

(Resource Management Errors)

Vendor: Netbsd
Product: Netbsd 
Version: 5.1;
Vendor: Openbsd
Product: Openbsd 
Version: 4.8;
Vendor: Apache
Product: Http server 
Version:
2.2.9
2.2.8
2.2.6
2.2.4
2.2.3
2.2.2
2.2.17
2.2.16
2.2.15
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.1
2.2.0
2.2
2.1.9
2.1.8
2.1.7
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1
2.0.9
2.0.63
2.0.61
2.0.60
2.0.59
2.0.58
2.0.57
2.0.56
2.0.55
2.0.54
2.0.53
2.0.52
2.0.51
2.0.50
2.0.49
2.0.48
2.0.47
2.0.46
2.0.45
2.0.44
2.0.43
2.0.42
2.0.41
2.0.40
2.0.39
2.0.38
2.0.37
2.0.36
2.0.35
2.0.34
2.0.32
2.0.28
2.0
1.99
1.4.0
1.3.9
1.3.8
1.3.7
1.3.68
1.3.65
1.3.6
1.3.5
1.3.42
1.3.41
1.3.4
1.3.39
1.3.38
1.3.37
1.3.36
1.3.35
1.3.34
1.3.33
1.3.32
1.3.31
1.3.30
1.3.3
1.3.29
See more versions on NVD
Product: Portable runtime 
Version:
1.4.2
1.4.1
1.4.0
1.3.9
1.3.8
1.3.7
1.3.6-dev
1.3.6
1.3.5
1.3.4-dev
1.3.4
1.3.3
See more versions on NVD
Vendor: Apple
Product: Mac os x 
Version: 10.6.0;
Vendor: Oracle
Product: Solaris 
Version: 10;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22
http://cxib.net/stuff/apache.fnmatch.phps
http://cxib.net/stuff/apr_fnmatch.txts
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=131551295528105&w=2
http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=132033751509019&w=2
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://secunia.com/advisories/48308
http://securityreason.com/achievement_securityalert/98
http://securityreason.com/securityalert/8246
http://securitytracker.com/id?1025527
http://support.apple.com/kb/HT5002
http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902
http://svn.apache.org/viewvc?view=revision&revision=1098188
http://svn.apache.org/viewvc?view=revision&revision=1098799
http://www.apache.org/dist/apr/Announcement1.x.html
http://www.apache.org/dist/apr/CHANGES-APR-1.4
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.debian.org/security/2011/dsa-2237
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.redhat.com/support/errata/RHSA-2011-0507.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
https://bugzilla.redhat.com/show_bug.cgi?id=703390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804

Related CVE
CVE-2019-2879
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
CVE-2019-2878
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated...
CVE-2019-2877
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logo...
CVE-2019-2876
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logo...
CVE-2019-2875
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logo...
CVE-2019-2874
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logo...
CVE-2019-2873
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logo...
CVE-2019-2871
Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attac...

Copyright 2019, cxsecurity.com

 

Back to Top