ID CVE-2009-2412
Summary Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.2
    cpe:2.3:a:apache:apr-util:0.9.2
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.3
    cpe:2.3:a:apache:apr-util:0.9.3
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.4
    cpe:2.3:a:apache:apr-util:0.9.4
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.5
    cpe:2.3:a:apache:apr-util:0.9.5
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.0
    cpe:2.3:a:apache:apr-util:1.3.0
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.1
    cpe:2.3:a:apache:apr-util:1.3.1
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.2
    cpe:2.3:a:apache:apr-util:1.3.2
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.3
    cpe:2.3:a:apache:apr-util:1.3.3
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.4
    cpe:2.3:a:apache:apr-util:1.3.4
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.5
    cpe:2.3:a:apache:apr-util:1.3.5
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.7
    cpe:2.3:a:apache:apr-util:1.3.7
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.8
    cpe:2.3:a:apache:apr-util:1.3.8
  • cpe:2.3:a:apache:portable_runtime:0.9.1
    cpe:2.3:a:apache:portable_runtime:0.9.1
  • cpe:2.3:a:apache:portable_runtime:0.9.2
    cpe:2.3:a:apache:portable_runtime:0.9.2
  • cpe:2.3:a:apache:portable_runtime:0.9.2-dev
    cpe:2.3:a:apache:portable_runtime:0.9.2-dev
  • cpe:2.3:a:apache:portable_runtime:0.9.3
    cpe:2.3:a:apache:portable_runtime:0.9.3
  • cpe:2.3:a:apache:portable_runtime:0.9.3-dev
    cpe:2.3:a:apache:portable_runtime:0.9.3-dev
  • cpe:2.3:a:apache:portable_runtime:0.9.4
    cpe:2.3:a:apache:portable_runtime:0.9.4
  • cpe:2.3:a:apache:portable_runtime:0.9.5
    cpe:2.3:a:apache:portable_runtime:0.9.5
  • cpe:2.3:a:apache:portable_runtime:0.9.6
    cpe:2.3:a:apache:portable_runtime:0.9.6
  • cpe:2.3:a:apache:portable_runtime:0.9.7
    cpe:2.3:a:apache:portable_runtime:0.9.7
  • cpe:2.3:a:apache:portable_runtime:0.9.7-dev
    cpe:2.3:a:apache:portable_runtime:0.9.7-dev
  • cpe:2.3:a:apache:portable_runtime:0.9.8
    cpe:2.3:a:apache:portable_runtime:0.9.8
  • cpe:2.3:a:apache:portable_runtime:0.9.9
    cpe:2.3:a:apache:portable_runtime:0.9.9
  • cpe:2.3:a:apache:portable_runtime:0.9.16-dev
    cpe:2.3:a:apache:portable_runtime:0.9.16-dev
  • cpe:2.3:a:apache:portable_runtime:1.3.0
    cpe:2.3:a:apache:portable_runtime:1.3.0
  • cpe:2.3:a:apache:portable_runtime:1.3.1
    cpe:2.3:a:apache:portable_runtime:1.3.1
  • cpe:2.3:a:apache:portable_runtime:1.3.2
    cpe:2.3:a:apache:portable_runtime:1.3.2
  • cpe:2.3:a:apache:portable_runtime:1.3.3
    cpe:2.3:a:apache:portable_runtime:1.3.3
  • cpe:2.3:a:apache:portable_runtime:1.3.4
    cpe:2.3:a:apache:portable_runtime:1.3.4
  • cpe:2.3:a:apache:portable_runtime:1.3.5
    cpe:2.3:a:apache:portable_runtime:1.3.5
  • cpe:2.3:a:apache:portable_runtime:1.3.7
    cpe:2.3:a:apache:portable_runtime:1.3.7
  • cpe:2.3:a:apache:portable_runtime:1.3.8
    cpe:2.3:a:apache:portable_runtime:1.3.8
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.1
    cpe:2.3:a:apache:apr-util:0.9.1
  • cpe:2.3:a:apache:apr-util:0.9.2-dev
    cpe:2.3:a:apache:apr-util:0.9.2-dev
  • cpe:2.3:a:apache:apr-util:0.9.3-dev
    cpe:2.3:a:apache:apr-util:0.9.3-dev
  • cpe:2.3:a:apache:apr-util:0.9.7-dev
    cpe:2.3:a:apache:apr-util:0.9.7-dev
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.8
    cpe:2.3:a:apache:apr-util:0.9.8
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.16
    cpe:2.3:a:apache:apr-util:0.9.16
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.6
    cpe:2.3:a:apache:apr-util:0.9.6
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 0.9.9
    cpe:2.3:a:apache:apr-util:0.9.9
  • cpe:2.3:a:apache:apr-util:1.3.6-dev
    cpe:2.3:a:apache:apr-util:1.3.6-dev
  • Apache Software Foundation Apache Portable Runtime Utility library (aka APR-util) 1.3.6
    cpe:2.3:a:apache:apr-util:1.3.6
  • cpe:2.3:a:apache:apr-util:1.3.4-dev
    cpe:2.3:a:apache:apr-util:1.3.4-dev
  • cpe:2.3:a:apache:portable_runtime:1.3.6-dev
    cpe:2.3:a:apache:portable_runtime:1.3.6-dev
  • cpe:2.3:a:apache:portable_runtime:1.3.4-dev
    cpe:2.3:a:apache:portable_runtime:1.3.4-dev
  • cpe:2.3:a:apache:portable_runtime:1.3.6
    cpe:2.3:a:apache:portable_runtime:1.3.6
CVSS
Base: 10.0 (as of 06-08-2009 - 13:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8349.NASL
    description CVE-2009-2412: allocator alignment fixes Full details here: http://www.apache.org/dist/apr/patches/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40516
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40516
    title Fedora 11 : apr-util-1.3.9-1.fc11 (2009-8349)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8318.NASL
    description CVE-2009-2412: allocator alignment fixes Full details here: http://www.apache.org/dist/apr/patches/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40505
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40505
    title Fedora 10 : apr-util-1.3.9-1.fc10 (2009-8318)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1205.NASL
    description Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries, which provide a free library of C data structures and routines, and also additional utility interfaces to support XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891) This update also fixes the following bug : * in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. (BZ#506016) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40543
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40543
    title RHEL 3 : httpd (RHSA-2009:1205)
  • NASL family Web Servers
    NASL id APACHE_2_0_64.NASL
    description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including 'mod_deflate', are vulnerable to a denial of service attack as the server can be forced to utilize CPU time compressing a large file after client disconnect. (CVE-2009-1891) - An unspecified error exists in 'mod_proxy' related to filtration of authentication credentials. (CVE-2009-3095) - A NULL pointer dereference issue exists in 'mod_proxy_ftp' in some error handling paths. (CVE-2009-3094) - An error exists in 'mod_ssl' making the server vulnerable to the TLC renegotiation prefix injection attack. (CVE-2009-3555) - An error exists in the handling of subrequests such that the parent request headers may be corrupted. (CVE-2010-0434) - An error exists in 'mod_proxy_http' when handling excessive interim responses making it vulnerable to a denial of service attack. (CVE-2008-2364) - An error exists in 'mod_isapi' that allows the module to be unloaded too early, which leaves orphaned callback pointers. (CVE-2010-0425) - An error exists in 'mod_proxy_ftp' when wildcards are in an FTP URL, which allows for cross-site scripting attacks. (CVE-2008-2939) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 50069
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50069
    title Apache 2.0.x < 2.0.64 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12613.NASL
    description The following bugs have been fixed : - Integer overflows in libapr could potentially be exploited to execute arbitrary code. (CVE-2009-2412) - Specially crafted XML documents cause apache to consume large amounts of memory. (CVE-2009-1955)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 46217
    published 2010-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46217
    title SuSE9 Security Update : Apache 2 (YOU Patch Number 12613)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090810_HTTPD_ON_SL3_X.NASL
    description CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891) This update also fixes the following bug : - in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. (BZ#506016) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60636
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60636
    title Scientific Linux Security Update : httpd on SL3.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-195.NASL
    description A vulnerability has been identified and corrected in apr and apr-util : Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third-party information (CVE-2009-2412). This update provides fixes for these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 40509
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40509
    title Mandriva Linux Security Advisory : apr (MDVSA-2009:195)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-813-2.NASL
    description USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40530
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40530
    title Ubuntu 6.06 LTS : apache2 vulnerability (USN-813-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1205.NASL
    description Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries, which provide a free library of C data structures and routines, and also additional utility interfaces to support XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891) This update also fixes the following bug : * in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. (BZ#506016) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40532
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40532
    title CentOS 3 : httpd (CESA-2009:1205)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBAPR-UTIL1-6545.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49877
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49877
    title SuSE 10 Security Update : libapr1 (ZYPP Patch Number 6545)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBAPR-UTIL1-6547.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42323
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42323
    title openSUSE 10 Security Update : libapr-util1 (libapr-util1-6547)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-813-3.NASL
    description USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40531
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40531
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : apr-util vulnerability (USN-813-3)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-219-02.NASL
    description New apr packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 40512
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40512
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr (SSA:2009-219-02)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-314.NASL
    description Multiple security vulnerabilities has been identified and fixed in apr and apr-util : Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third-party information (CVE-2009-2412). The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an underflow flaw. (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input (CVE-2009-1956). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers The updated packages have been patched to prevent this.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 43000
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43000
    title Mandriva Linux Security Advisory : apr (MDVSA-2009:314)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1204.NASL
    description From Red Hat Security Advisory 2009:1204 : Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 67907
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67907
    title Oracle Linux 4 / 5 : apr / apr-util (ELSA-2009-1204)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1205.NASL
    description From Red Hat Security Advisory 2009:1205 : Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries, which provide a free library of C data structures and routines, and also additional utility interfaces to support XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891) This update also fixes the following bug : * in some cases the Content-Length header was dropped from HEAD responses. This resulted in certain sites not working correctly with mod_proxy, such as www.windowsupdate.com. (BZ#506016) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 67908
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67908
    title Oracle Linux 3 : httpd (ELSA-2009-1205)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBAPR-UTIL1-091012.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42229
    published 2009-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42229
    title openSUSE Security Update : libapr-util1 (libapr-util1-1375)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-219-03.NASL
    description New apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 40513
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40513
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : apr-util (SSA:2009-219-03)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBAPR-UTIL1-091011.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 42234
    published 2009-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42234
    title SuSE 11 Security Update : libapr (SAT Patch Number 1374)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090810_APR_AND_APR_UTIL_ON_SL4_X.NASL
    description CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60635
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60635
    title Scientific Linux Security Update : apr and apr-util on SL4.x, SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1854.NASL
    description Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44719
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44719
    title Debian DSA-1854-1 : apr, apr-util - heap buffer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200909-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200909-03 (Apache Portable Runtime, APR Utility Library: Execution of arbitrary code) Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Impact : A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 40911
    published 2009-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40911
    title GLSA-200909-03 : Apache Portable Runtime, APR Utility Library: Execution of arbitrary code
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8360.NASL
    description CVE-2009-2412: allocator alignment fixes Full details here: http://www.apache.org/dist/apr/patches/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 40517
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40517
    title Fedora 10 : apr-1.3.8-1.fc10 (2009-8360)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1204.NASL
    description Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40542
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40542
    title RHEL 4 / 5 : apr and apr-util (RHSA-2009:1204)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-813-1.NASL
    description Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40529
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40529
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : apr vulnerability (USN-813-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBAPR-UTIL1-6546.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 42236
    published 2009-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42236
    title SuSE 10 Security Update : libapr (ZYPP Patch Number 6546)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBAPR-UTIL1-091011.NASL
    description This update of libapr-util1 and libapr1 fixes multiple integer overflows that could probably be used to execute arbitrary code remotely. (CVE-2009-2412)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42232
    published 2009-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42232
    title openSUSE Security Update : libapr-util1 (libapr-util1-1375)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1204.NASL
    description Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially crafted request for memory allocation, which would lead to a denial of service (application crash) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. (CVE-2009-2412) All apr and apr-util users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43776
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43776
    title CentOS 5 : apr (CESA-2009:1204)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8336.NASL
    description CVE-2009-2412: allocator alignment fixes Full details here: http://www.apache.org/dist/apr/patches/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 40514
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40514
    title Fedora 11 : apr-1.3.8-1.fc11 (2009-8336)
  • NASL family Web Servers
    NASL id APACHE_2_2_13.NASL
    description According to its self-reported banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.13. As such, it includes a bundled version of the Apache Portable Runtime (APR) library that contains a flaw in 'apr_palloc()' that could cause a heap overflow. Note that the Apache HTTP server itself does not pass unsanitized, user-provided sizes to this function so it could only be triggered through some other application that uses it in a vulnerable way.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 57603
    published 2012-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57603
    title Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow
oval via4
  • accepted 2014-07-14T04:01:29.175-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Apache HTTP Server 2.2.x is installed on the system
    oval oval:org.mitre.oval:def:8550
    description Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
    family windows
    id oval:org.mitre.oval:def:8394
    status accepted
    submitted 2010-03-08T17:30:00.000-05:00
    title Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
    version 11
  • accepted 2013-04-29T04:23:38.426-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description leading to buffer overflows. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:9958
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title overflows. NOTE: some of these details are obtained from third party information.
    version 24
redhat via4
advisories
  • bugzilla
    id 515698
    title CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment apr is earlier than 0:0.9.4-24.9.el4_8.2
            oval oval:com.redhat.rhsa:tst:20091204002
          • comment apr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091204003
        • AND
          • comment apr-devel is earlier than 0:0.9.4-24.9.el4_8.2
            oval oval:com.redhat.rhsa:tst:20091204004
          • comment apr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091204005
        • AND
          • comment apr-util is earlier than 0:0.9.4-22.el4_8.2
            oval oval:com.redhat.rhsa:tst:20091204006
          • comment apr-util is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091107003
        • AND
          • comment apr-util-devel is earlier than 0:0.9.4-22.el4_8.2
            oval oval:com.redhat.rhsa:tst:20091204008
          • comment apr-util-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091107005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment apr is earlier than 0:1.2.7-11.el5_3.1
            oval oval:com.redhat.rhsa:tst:20091204011
          • comment apr is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091204012
        • AND
          • comment apr-devel is earlier than 0:1.2.7-11.el5_3.1
            oval oval:com.redhat.rhsa:tst:20091204013
          • comment apr-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091204014
        • AND
          • comment apr-docs is earlier than 0:1.2.7-11.el5_3.1
            oval oval:com.redhat.rhsa:tst:20091204015
          • comment apr-docs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091204016
        • AND
          • comment apr-util is earlier than 0:1.2.7-7.el5_3.2
            oval oval:com.redhat.rhsa:tst:20091204017
          • comment apr-util is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091107008
        • AND
          • comment apr-util-devel is earlier than 0:1.2.7-7.el5_3.2
            oval oval:com.redhat.rhsa:tst:20091204021
          • comment apr-util-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091107010
        • AND
          • comment apr-util-docs is earlier than 0:1.2.7-7.el5_3.2
            oval oval:com.redhat.rhsa:tst:20091204019
          • comment apr-util-docs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091107012
    rhsa
    id RHSA-2009:1204
    released 2009-08-10
    severity Moderate
    title RHSA-2009:1204: apr and apr-util security update (Moderate)
  • bugzilla
    id 515698
    title CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment httpd is earlier than 0:2.0.46-75.ent
          oval oval:com.redhat.rhsa:tst:20091205002
        • comment httpd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619003
      • AND
        • comment httpd-devel is earlier than 0:2.0.46-75.ent
          oval oval:com.redhat.rhsa:tst:20091205004
        • comment httpd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619005
      • AND
        • comment mod_ssl is earlier than 0:2.0.46-75.ent
          oval oval:com.redhat.rhsa:tst:20091205006
        • comment mod_ssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060619009
    rhsa
    id RHSA-2009:1205
    released 2009-08-10
    severity Moderate
    title RHSA-2009:1205: httpd security and bug fix update (Moderate)
rpms
  • apr-0:0.9.4-24.9.el4_8.2
  • apr-devel-0:0.9.4-24.9.el4_8.2
  • apr-util-0:0.9.4-22.el4_8.2
  • apr-util-devel-0:0.9.4-22.el4_8.2
  • apr-0:1.2.7-11.el5_3.1
  • apr-devel-0:1.2.7-11.el5_3.1
  • apr-docs-0:1.2.7-11.el5_3.1
  • apr-util-0:1.2.7-7.el5_3.2
  • apr-util-devel-0:1.2.7-7.el5_3.2
  • apr-util-docs-0:1.2.7-7.el5_3.2
  • httpd-0:2.0.46-75.ent
  • httpd-devel-0:2.0.46-75.ent
  • mod_ssl-0:2.0.46-75.ent
refmap via4
aixapar
  • PK93225
  • PK99482
apple APPLE-SA-2009-11-09-1
bid 35949
confirm
fedora
  • FEDORA-2009-8336
  • FEDORA-2009-8360
mandriva MDVSA-2009:195
osvdb
  • 56765
  • 56766
secunia
  • 36138
  • 36140
  • 36166
  • 36233
  • 37152
  • 37221
suse
  • SUSE-SA:2009:050
  • SUSE-SR:2010:011
ubuntu USN-813-2
vupen
  • ADV-2009-3184
  • ADV-2010-1107
Last major update 21-08-2010 - 01:33
Published 06-08-2009 - 11:30
Last modified 18-09-2017 - 21:29
Back to Top