Fedora Account System
Red Hat Associate
Red Hat Customer
An input validation flaw was found in the way mapserver's mapserv CGI form results decoding script used to handle certain fields of the provided CGI query string. A remote attacker could use this flaw to write (potentially malicious) data to certain file system places with the privileges of the web server user or escalate his privileges by providing a specially-crafted map file. References: ----------- http://trac.osgeo.org/mapserver/ticket/1836 https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/398814 From the mapserver/ticket/1836: ------------------------------- "07/22/09 23:42:40 changed by sdlime Back ported to 5.0 and 5.2 branches for completeness... Steve" Proof of Concept: ----------------- firefox http://biometry.gis.umn.edu/cgi-bin/mapserv.exe?map=/boot/grub/device.map -> msLoadMap(): Unknown identifier. Parsing error near (hd0):(line 1) Tested mapserver version: ------------------------- mapserver-5.2.1-6.fc11 Further information: --------------------- In case this issue was already addressed within https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0842 feel free to close this Bugzilla record.
mapserver has been updated to >= 5.4, which according to upstream doesn't have this problem.