Vulnerability CVE-2011-0419


Published: 2011-05-16   Modified: 2013-11-15

Description:
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Maksymilian Arci...
13.05.2011
Med.
Apache 2.2.17 mod_autoindex local/remote Denial of Service
Maksymilian Arci...
13.05.2011

Type:

CWE-399

(Resource Management Errors)

Vendor: Netbsd
Product: Netbsd 
Version: 5.1;
Vendor: Openbsd
Product: Openbsd 
Version: 4.8;
Vendor: Apache
Product: Http server 
Version:
2.2.9
2.2.8
2.2.6
2.2.4
2.2.3
2.2.2
2.2.17
2.2.16
2.2.15
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.1
2.2.0
2.2
2.1.9
2.1.8
2.1.7
2.1.6
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1
2.0.9
2.0.63
2.0.61
2.0.60
2.0.59
2.0.58
2.0.57
2.0.56
2.0.55
2.0.54
2.0.53
2.0.52
2.0.51
2.0.50
2.0.49
2.0.48
2.0.47
2.0.46
2.0.45
2.0.44
2.0.43
2.0.42
2.0.41
2.0.40
2.0.39
2.0.38
2.0.37
2.0.36
2.0.35
2.0.34
2.0.32
2.0.28
2.0
1.99
1.4.0
1.3.9
1.3.8
1.3.7
1.3.68
1.3.65
1.3.6
1.3.5
1.3.42
1.3.41
1.3.4
1.3.39
1.3.38
1.3.37
1.3.36
1.3.35
1.3.34
1.3.33
1.3.32
1.3.31
1.3.30
1.3.3
1.3.29
See more versions on NVD
Product: Portable runtime 
Version:
1.4.2
1.4.1
1.4.0
1.3.9
1.3.8
1.3.7
1.3.6-dev
1.3.6
1.3.5
1.3.4-dev
1.3.4
1.3.3
See more versions on NVD
Vendor: Apple
Product: Mac os x 
Version: 10.6.0;
Vendor: Oracle
Product: Solaris 
Version: 10;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=703390
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.apache.org/dist/apr/Announcement1.x.html
http://svn.apache.org/viewvc?view=revision&revision=1098799
http://svn.apache.org/viewvc?view=revision&revision=1098188
http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902
http://cxib.net/stuff/apache.fnmatch.phps
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0507.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.debian.org/security/2011/dsa-2237
http://www.apache.org/dist/apr/CHANGES-APR-1.4
http://support.apple.com/kb/HT5002
http://securitytracker.com/id?1025527
http://securityreason.com/securityalert/8246
http://securityreason.com/achievement_securityalert/98
http://secunia.com/advisories/44574
http://secunia.com/advisories/44564
http://secunia.com/advisories/44490
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14804
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14638
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://marc.info/?l=bugtraq&m=132033751509019&w=2
http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=131551295528105&w=2
http://marc.info/?l=bugtraq&m=131551295528105&w=2
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://cxib.net/stuff/apr_fnmatch.txts
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22

Related CVE
CVE-2017-3434
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily "exploitable" vulnerability allows unauthenticated ...
CVE-2017-3347
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u...
CVE-2017-3355
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u...
CVE-2017-3356
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u...
CVE-2017-3342
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u...
CVE-2017-3345
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u...
CVE-2017-3623
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via mult...
CVE-2017-3625
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allow...

Copyright 2017, cxsecurity.com