Two flaws were reported in versions of SBLIM SFCB prior to version 1.3.8: Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1937 to the following vulnerability: Name: CVE-2010-1937 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1937 Assigned: 20100513 Reference: MLIST:[oss-security] 20100601 SFCB vulnerabilities Reference: URL: http://marc.info/?l=bugtraq&m=127549079109192&w=2 Reference: CONFIRM: http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.84&r2=1.85 Reference: CONFIRM: http://sourceforge.net/tracker/index.php?func=detail&aid=3001896&group_id=128809&atid=712784 Reference: SECUNIA:40018 Reference: URL: http://secunia.com/advisories/40018 Reference: VUPEN:ADV-2010-1312 Reference: URL: http://www.vupen.com/english/advisories/2010/1312 Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896. Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2054 to the following vulnerability: Name: CVE-2010-2054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 Assigned: 20100525 Reference: MLIST:[oss-security] 20100601 SFCB vulnerabilities Reference: URL: http://marc.info/?l=bugtraq&m=127549079109192&w=2 Reference: CONFIRM: http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86 Reference: CONFIRM: http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784 Reference: SECUNIA:40018 Reference: URL: http://secunia.com/advisories/40018 Reference: VUPEN:ADV-2010-1312 Reference: URL: http://www.vupen.com/english/advisories/2010/1312 Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information. sblim-sfcb is packaged in Fedora and EPEL, at version 1.3.4 and should be rebased to version 1.3.8 in order to correct these flaws.
Created sblim-sfcb tracking bugs for this issue Affects: fedora-all [bug 605345]
sblim-sfcb-1.3.8-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/sblim-sfcb-1.3.8-1.fc13