John Goerzen
2010-Nov-30 14:40 UTC
[Secure-testing-team] Bug#605484: libapache2-mod-fcgid: stack overwrite vulnerability
Package: libapache2-mod-fcgid
Version: 1:2.2-1
Severity: grave
Tags: security
Justification: user security hole

This was reported in CVE-2010-3872. Information at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406

Of particular note, the code in question appears at line 86 in the lenny version, and is:

    memcpy(&header + hasread, buffer, putsize);

Our versions in lenny and lenny-backports are both vulnerable. squeeze and sid are running new enough versions that they aren't.

-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (500, 'stable'), (99, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-fcgid depends on:
ii  apache2.2-common  2.2.9-10+lenny8  Apache HTTP Server common files
ii  libc6             2.7-18lenny6     GNU C Library: Shared libraries

libapache2-mod-fcgid recommends no packages.

libapache2-mod-fcgid suggests no packages.

-- no debconf information
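The pointer arithmetic in the quoted memcpy line, worked through as an added example that is not part of the original report and is not mod_fcgid code. It assumes `header` is an 8-byte FastCGI record header; the struct, function names and sample bytes are constructed for illustration, and `fill_header` is one byte-wise, bounds-clamped way to write the copy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 8-byte record header as in the FastCGI specification (names illustrative). */
typedef struct {
    unsigned char version, type, request_id_b1, request_id_b0;
    unsigned char content_length_b1, content_length_b0, padding_length, reserved;
} fcgi_header;

/* Byte distance from the header start addressed by (&header + hasread).
 * The array stands in for memory after the header so the arithmetic is defined. */
size_t offset_struct_arith(size_t hasread)
{
    fcgi_header arena[sizeof(fcgi_header) + 1];
    return (size_t)((char *)(&arena[0] + hasread) - (char *)&arena[0]);
}

/* Same distance when the address is cast to a byte pointer first. */
size_t offset_byte_arith(size_t hasread)
{
    fcgi_header header;
    return (size_t)(((char *)&header + hasread) - (char *)&header);
}

/* Append one chunk to a partially read header, clamped to the space left. */
size_t fill_header(fcgi_header *h, size_t hasread, const unsigned char *buf, size_t len)
{
    size_t room = hasread < sizeof(*h) ? sizeof(*h) - hasread : 0;
    size_t putsize = len < room ? len : room;
    if (putsize) memcpy((unsigned char *)h + hasread, buf, putsize);
    return putsize;
}

/* Constructed sample: a header arriving as a 3-byte read, then the rest. */
int reassemble_ok(void)
{
    const unsigned char wire[10] = {1, 6, 0, 1, 0, 12, 4, 0, 'X', 'Y'};
    fcgi_header h;
    size_t got = fill_header(&h, 0, wire, 3);
    got += fill_header(&h, got, wire + 3, sizeof(wire) - 3);
    return got == sizeof(h) && memcmp(&h, wire, sizeof(h)) == 0;
}

int main(void)
{
    printf("hasread=3: struct +%zu, byte +%zu\n", offset_struct_arith(3), offset_byte_arith(3));
    return reassemble_ok() ? 0 : 1;
}
```

With `hasread` equal to 3, the struct-typed expression addresses 24 bytes past the start of an 8-byte object, which is why a short first read turns the second copy into a write outside the header.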