Launchpad CVE tracker

CVE 2009-0840

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

Related bugs and status

CVE-2009-0840 (Candidate) is related to these bugs:

Bug #324373: Please sync from debian 5.2.1-1

Summary				In	Importance	Status
	324373	Please sync from debian 5.2.1-1		mapserver (Ubuntu)	Undecided	Fix Released

Bug #398814: security: anyone can make mapserv read or write arbitrary files

		In	Importance	Status
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Dapper)	Undecided	Won't Fix
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Hardy)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Intrepid)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Jaunty)	Undecided	Fix Released
398814	security: anyone can make mapserv read or write arbitrary files	mapserver (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0840

References