Vulnerability CVE-2011-0419


Published: 2011-05-16   Modified: 2012-02-13

Description:
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Maksymilian Arci...
13.05.2011
Med.
Apache 2.2.17 mod_autoindex local/remote Denial of Service
Maksymilian Arci...
13.05.2011

Type:

CWE-399

(Resource Management Errors)

Vendor: Netbsd
Product: Netbsd 
Version: 5.1;
Vendor: Openbsd
Product: Openbsd 
Version: 4.8;
Vendor: Apache
Product: Http server 
Version:
2.2.9
2.2.8
2.2.6
2.2.4
2.2.3
2.2.2
2.2.17
2.2.16
2.2.15
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.1
2.2.0
2.2
2.1.9
2.1.8
2.1.7
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1
2.0.9
2.0.63
2.0.61
2.0.60
2.0.59
2.0.58
2.0.57
2.0.56
2.0.55
2.0.54
2.0.53
2.0.52
2.0.51
2.0.50
2.0.49
2.0.48
2.0.47
2.0.46
2.0.45
2.0.44
2.0.43
2.0.42
2.0.41
2.0.40
2.0.39
2.0.38
2.0.37
2.0.36
2.0.35
2.0.34
2.0.32
2.0.28
2.0
1.99
1.4.0
1.3.9
1.3.8
1.3.7
1.3.68
1.3.65
1.3.6
1.3.5
1.3.42
1.3.41
1.3.4
1.3.39
1.3.38
1.3.37
1.3.36
1.3.35
1.3.34
1.3.33
1.3.32
1.3.31
1.3.30
1.3.3
1.3.29
See more versions on NVD
Product: Portable runtime 
Version:
1.4.2
1.4.1
1.4.0
1.3.9
1.3.8
1.3.7
1.3.6-dev
1.3.6
1.3.5
1.3.4-dev
1.3.4
1.3.3
See more versions on NVD
Vendor: Apple
Product: Mac os x 
Version: 10.6.0;
Vendor: Oracle
Product: Solaris 
Version: 10;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22
http://cxib.net/stuff/apache.fnmatch.phps
http://cxib.net/stuff/apr_fnmatch.txts
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=131551295528105&w=2
http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=132033751509019&w=2
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://secunia.com/advisories/48308
http://securityreason.com/achievement_securityalert/98
http://securityreason.com/securityalert/8246
http://securitytracker.com/id?1025527
http://support.apple.com/kb/HT5002
http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902
http://svn.apache.org/viewvc?view=revision&revision=1098188
http://svn.apache.org/viewvc?view=revision&revision=1098799
http://www.apache.org/dist/apr/Announcement1.x.html
http://www.apache.org/dist/apr/CHANGES-APR-1.4
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.debian.org/security/2011/dsa-2237
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.redhat.com/support/errata/RHSA-2011-0507.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
https://bugzilla.redhat.com/show_bug.cgi?id=703390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804

Related CVE
CVE-2018-3302
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-3301
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attack...
CVE-2018-3299
Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol...
CVE-2018-3298
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru...
CVE-2018-3297
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru...
CVE-2018-3296
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru...
CVE-2018-3295
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru...
CVE-2018-3294
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP...

Copyright 2018, cxsecurity.com

 

Back to Top