Vulnerability Details : CVE-2011-2704
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-2704
- cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2704
15.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2704
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-2704
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2704
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68719
MapServer OGC filter buffer overflow CVE-2011-2704 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2011/07/19/14
oss-security - CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]Patch
-
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
[mapserver-users] MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixesPatch
-
http://www.debian.org/security/2011/dsa-2285
Debian -- Security Information -- DSA-2285-1 mapserver
-
http://trac.osgeo.org/mapserver/ticket/3903
#3903 (Security Vulnerabilities - Possible SQL Injection using OGC filter encoding) – MapServerPatch
-
http://www.openwall.com/lists/oss-security/2011/07/20/15
oss-security - Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]Patch
-
http://www.securityfocus.com/bid/48720
MapServer Multiple Security Vulnerabilities
-
https://bugzilla.redhat.com/show_bug.cgi?id=723293
723293 – (CVE-2011-2703, CVE-2011-2704, CVE-2011-2975) CVE-2011-2703 CVE-2011-2704 CVE-2011-2975 MapServer (v6.0.1, v5.6.7 and v4.10.7): Multiple SQL injections and one (stack-based) buffer overflow fPatch
Jump to