Summary
The host is installed with Apache APR and APR-Util and is prone to multiple integer overflow vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Apache APR version 1.3.8 or APR-util version 1.3.9:
http://apr.apache.org/download.cgi
or
Apply the patches for Apache APR-Utils 0.9.x or Apache APR version 0.9.x:
http://www.apache.org/dist/apr/patches/apr-0.9-CVE-2009-2412.patch
http://www.apache.org/dist/apr/patches/apr-util-0.9-CVE-2009-2412.patch
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
- An integer overflow in the allocator_alloc and apr_palloc functions in memory/unix/apr_pools.c in APR can be triggered by crafted allocation requests.
- An integer overflow in the apr_rmm_malloc, apr_rmm_calloc and apr_rmm_realloc functions in misc/apr_rmm.c in APR-util occurs while aligning relocatable memory blocks.
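Both findings are the same defect class: a requested size is rounded up to an allocation boundary with unchecked arithmetic, so a request near SIZE_MAX wraps to a small value and the allocator returns a block shorter than the caller believes it has. The following is an added illustration of that check, written for this page; it is not APR's code and does not reproduce its allocator. The helper names (align_unchecked, align_checked, safe_alloc, unchecked_wraps) and the 8-byte ALIGN_DEFAULT are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed alignment boundary for the example (hypothetical, not APR's). */
#define ALIGN_DEFAULT 8

/* Unchecked rounding, the pattern the advisory describes: (n + 7) & ~7
 * silently wraps when n is within 7 bytes of SIZE_MAX, turning a huge
 * request into a tiny block. Kept here only to show the failure. */
size_t align_unchecked(size_t n)
{
    return (n + ALIGN_DEFAULT - 1) & ~(size_t)(ALIGN_DEFAULT - 1);
}

/* Checked rounding: refuse before the addition can wrap, and verify
 * afterwards that the aligned size is never smaller than the request. */
bool align_checked(size_t n, size_t *out)
{
    if (n > SIZE_MAX - (ALIGN_DEFAULT - 1))
        return false;                       /* would wrap */
    size_t aligned = (n + ALIGN_DEFAULT - 1) & ~(size_t)(ALIGN_DEFAULT - 1);
    if (aligned < n)
        return false;                       /* belt and braces */
    *out = aligned;
    return true;
}

/* Toy allocator front end: returns NULL for oversized requests instead of
 * handing back a block shorter than what the caller asked for. */
void *safe_alloc(size_t n)
{
    size_t aligned;
    if (!align_checked(n, &aligned))
        return NULL;
    return malloc(aligned);
}

/* True when the unchecked path would have produced a block smaller than
 * the request, i.e. the integer overflow condition. */
bool unchecked_wraps(size_t n)
{
    return align_unchecked(n) < n;
}

int main(void)
{
    /* Constructed inputs: an ordinary request and one near SIZE_MAX. */
    size_t ordinary = 13;
    size_t huge = SIZE_MAX - 3;
    size_t out;

    printf("align_unchecked(%zu) = %zu\n", ordinary, align_unchecked(ordinary));
    printf("align_unchecked(SIZE_MAX-3) wraps: %s\n",
           unchecked_wraps(huge) ? "yes" : "no");
    printf("align_checked(SIZE_MAX-3) accepted: %s\n",
           align_checked(huge, &out) ? "yes" : "no");

    void *p = safe_alloc(ordinary);
    printf("safe_alloc(%zu) -> %s\n", ordinary, p ? "block" : "NULL");
    free(p);
    printf("safe_alloc(SIZE_MAX-3) -> %s\n",
           safe_alloc(huge) ? "block" : "NULL");
    return 0;
}
```

The pre-addition test (n > SIZE_MAX - 7) is what actually prevents the wrap; the post-check (aligned < n) is redundant with it but cheap, and it catches mistakes if the boundary constant is later changed. The same shape of check applies to any allocator that rounds sizes before reserving space.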
Affected
Apache APR version 0.9.x and 1.3.x before 1.3.8
Apache APR-Utils version 0.9.x and 1.3.x before 1.3.9
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-2412
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C