Candidate: CVE-2009-2281
PublicDate: 2009-10-23 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2281
Description:
 Multiple heap-based buffer underflows in the readPostBody function in
 cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2
 allow remote attackers to execute arbitrary code via (1) a crafted
 Content-Length HTTP header or (2) a large HTTP request, related to an
 integer overflow that triggers a heap-based buffer overflow.  NOTE: this
 issue reportedly exists because of an incomplete fix for CVE-2009-0840.
Ubuntu-Description:
Notes:
 kees> for Intrepid and later, this should be mitigated by _FORTIFY_SOURCE.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mapserver:
upstream_mapserver: released (5.4.2)
dapper_mapserver: ignored (reached end-of-life)
hardy_mapserver: released (5.0.0-3ubuntu0.1)
intrepid_mapserver: released (5.0.3-2ubuntu0.1)
jaunty_mapserver: released (5.0.3-3ubuntu0.1)
karmic_mapserver: not-affected
devel_mapserver: not-affected