#3641 closed defect (fixed)
CVE-2010-1678: Improper validation of symbol index values.
Reported by: | sdlime | Owned by: | aboudreault |
---|---|---|---|
Priority: | highest | Milestone: | |
Component: | Security/Vulnerability (Public) | Version: | unspecified |
Severity: | critical | Keywords: | |
Cc: | dmorissette |
Description
Mapfile parsing does not properly validate symbols referenced by index. Also applies to URL changes, which is the more significant issue. The result can be an segfault from an invalid array index.
Fix is to do a bounds check on symbol values once the parse is complete.
Vulnerability exists in trunk, 5.2, 5.4, 5.6 and perhaps other versions. Mapfile issue is not as severe and probably has existed for years.
Steve
Attachments (5)
Change History (12)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
Summary: | Improper validation of symbol index values. → CVE-2010-1678: Improper validation of symbol index values. |
---|
Updated the ticket with the CVE id.
comment:3 Changed 10 years ago by
Cc: | dmorissette added |
---|
comment:4 Changed 10 years ago by
comment:5 Changed 10 years ago by
Component: | Vulnerabilities → Vulnerabilities Fixed |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Fixed. Moving ticket privacy to public.
comment:6 Changed 10 years ago by
Component: | Security/Vulnerability (Public) → Security/Vulnerability (Private) |
---|
comment:7 Changed 10 years ago by
Component: | Security/Vulnerability (Private) → Security/Vulnerability (Public) |
---|
Changed 10 years ago by
Attachment: | symbol_index_overflow-branch-5-6.patch added |
---|
Branch 5.6 patch for symbol index overflow
Changed 10 years ago by
Attachment: | symbol_index_overflow-branch-5-4.patch added |
---|
Branch 5.4 patch for symbol index overflow
Changed 10 years ago by
Attachment: | symbol_index_overflow-trunk.patch added |
---|
Trunk patch for symbol index overflow
Changed 10 years ago by
Attachment: | symbol_index_overflow-branch-5-2.patch added |
---|
Branch 5.2 patch for symbol index overflow
Changed 10 years ago by
Attachment: | symbol_index_overflow-branch-5-0.patch added |
---|
Branch 5.0 patch for symbol index overflow
Might consider creating an MS_IS_VALID_INDEX macro. It would take index and a max value. If index is between 0 and max then it return MS_TRUE.
Steve