CVE-2010-3872

Sažetak

The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html
http://www.vupen.com/english/advisories/2010/2998
http://secunia.com/advisories/42288
http://secunia.com/advisories/42302
http://www.vupen.com/english/advisories/2010/2997
http://osvdb.org/69275
http://www.gossamer-threads.com/lists/apache/announce/391406
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
http://secunia.com/advisories/42815
http://www.vupen.com/english/advisories/2011/0031
http://www.securityfocus.com/bid/44900
http://www.debian.org/security/2010/dsa-2140
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/63303
https://bugzilla.redhat.com/show_bug.cgi?id=2248172
https://access.redhat.com/security/cve/CVE-2010-3872

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:06

Objavljeno

22-11-2010 - 12:54