Candidate: CVE-2010-3872
PublicDate: 2010-11-22 12:54:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872
Description:
 The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid
 module before 2.3.6 for the Apache HTTP Server does not use bytewise
 pointer arithmetic in certain circumstances, which has unspecified impact
 and attack vectors related to "untrusted FastCGI applications" and a "stack
 buffer overwrite."
Ubuntu-Description:
Notes:
Bugs:
 https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_libapache2-mod-fcgid:
 upstream: https://svn.apache.org/viewvc?view=revision&revision=1030894
upstream_libapache2-mod-fcgid: released (2.3.6)
dapper_libapache2-mod-fcgid: ignored (reached end-of-life)
hardy_libapache2-mod-fcgid: released (1:2.2-1ubuntu0.8.04.1)
karmic_libapache2-mod-fcgid: released (1:2.2-1ubuntu0.9.10.1)
lucid_libapache2-mod-fcgid: released (1:2.3.4-2ubuntu0.2)
maverick_libapache2-mod-fcgid: released (1:2.3.5-2ubuntu0.1)
devel_libapache2-mod-fcgid: not-affected (1:2.3.6-1)