#3641 closed defect (fixed)
CVE-2010-1678: Improper validation of symbol index values.
Reported by: | sdlime | Owned by: | aboudreault |
---|---|---|---|
Priority: | highest | Milestone: | |
Component: | Security/Vulnerability (Public) | Version: | unspecified |
Severity: | critical | Keywords: | |
Cc: | dmorissette |
Description
Mapfile parsing does not properly validate symbols referenced by index. Also applies to URL changes, which is the more significant issue. The result can be a segfault from an invalid array index.
Fix is to do a bounds check on symbol values once the parse is complete.
Vulnerability exists in trunk, 5.2, 5.4, 5.6 and perhaps other versions. Mapfile issue is not as severe and probably has existed for years.
Steve
Attachments (5)
Change History (12)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
Summary: | Improper validation of symbol index values. → CVE-2010-1678: Improper validation of symbol index values. |
---|
Updated the ticket with the CVE id.
comment:3 by , 13 years ago
Cc: | added |
---|
comment:4 by , 13 years ago
comment:5 by , 13 years ago
Component: | Vulnerabilities → Vulnerabilities Fixed |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Fixed. Moving ticket privacy to public.
comment:6 by , 13 years ago
Component: | Security/Vulnerability (Public) → Security/Vulnerability (Private) |
---|
comment:7 by , 13 years ago
Component: | Security/Vulnerability (Private) → Security/Vulnerability (Public) |
---|
by , 13 years ago
Attachment: | symbol_index_overflow-branch-5-6.patch added |
---|
Branch 5.6 patch for symbol index overflow
by , 13 years ago
Attachment: | symbol_index_overflow-branch-5-4.patch added |
---|
Branch 5.4 patch for symbol index overflow
by , 13 years ago
Attachment: | symbol_index_overflow-trunk.patch added |
---|
Trunk patch for symbol index overflow
by , 13 years ago
Attachment: | symbol_index_overflow-branch-5-2.patch added |
---|
Branch 5.2 patch for symbol index overflow
by , 13 years ago
Attachment: | symbol_index_overflow-branch-5-0.patch added |
---|
Branch 5.0 patch for symbol index overflow
Might consider creating an MS_IS_VALID_INDEX macro. It would take index and a max value. If index is between 0 and max then it returns MS_TRUE.
Steve
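
The bounds check described in this ticket, as an added example that is not code from the attached patches or from MapServer itself: a macro in the form suggested above plus a validation pass meant to run once the parse is complete and again after any URL-driven change. The `demo_*` types and functions are hypothetical stand-ins, the sample data is constructed, and treating `max` as an exclusive upper bound (the element count) is an assumption.

```c
#include <stdio.h>

#define MS_TRUE 1
#define MS_FALSE 0

/* Macro in the form suggested in the ticket. Treating max as an exclusive
   upper bound (the element count) is an assumption of this example. */
#define MS_IS_VALID_INDEX(index, max) \
    (((index) >= 0 && (index) < (max)) ? MS_TRUE : MS_FALSE)

/* Hypothetical, simplified stand-ins for a parsed map (not MapServer's structs). */
typedef struct { const char *name; } demo_symbol;
typedef struct { int symbol; } demo_style;   /* symbol referenced by index */
typedef struct {
    demo_symbol *symbols; int numsymbols;
    demo_style  *styles;  int numstyles;
} demo_map;

/* Call once the mapfile parse is complete and again after every URL-driven
   change. Returns MS_TRUE if all indexes are in range; else sets *bad_style. */
int demo_validate_symbols(const demo_map *map, int *bad_style)
{
    for (int i = 0; i < map->numstyles; i++) {
        if (!MS_IS_VALID_INDEX(map->styles[i].symbol, map->numsymbols)) {
            if (bad_style) *bad_style = i;
            return MS_FALSE;
        }
    }
    return MS_TRUE;
}

/* Defensive accessor: returns NULL instead of reading outside the array. */
const char *demo_symbol_name(const demo_map *map, int style)
{
    if (!MS_IS_VALID_INDEX(style, map->numstyles)) return NULL;
    int idx = map->styles[style].symbol;
    return MS_IS_VALID_INDEX(idx, map->numsymbols) ? map->symbols[idx].name : NULL;
}

int main(void)
{
    demo_symbol syms[] = { {"default"}, {"circle"}, {"square"} }; /* constructed */
    demo_style styles[] = { {0}, {2} };
    demo_map map = { syms, 3, styles, 2 };
    int bad = -1;
    printf("after parse:  valid=%d\n", demo_validate_symbols(&map, &bad));
    styles[1].symbol = 99; /* constructed out-of-range value, as from an update */
    int ok = demo_validate_symbols(&map, &bad);
    printf("after update: valid=%d bad_style=%d\n", ok, bad);
    return 0;
}
```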