Vulnerability Name:

CVE-2011-2704 (CCN-68719)

Assigned:2011-07-19
Published:2011-07-19
Updated:2021-06-07
Summary:Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2704

Source: CCN
Type: MapServer Security Fixes
[mapserver-users] MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes

Source: MLIST
Type: Patch
[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes

Source: CCN
Type: MapServer Web Site
Welcome to MapServer — MapServer 6.0.1 documentation

Source: CCN
Type: SA45257
MapServer SQL Injection and Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
45257

Source: SECUNIA
Type: Vendor Advisory
45368

Source: CCN
Type: MapServer Ticket #3903
Possible SQL Injection using OGC filter encoding

Source: CONFIRM
Type: Patch
http://trac.osgeo.org/mapserver/ticket/3903

Source: DEBIAN
Type: UNKNOWN
DSA-2285

Source: DEBIAN
Type: DSA-2285
mapserver -- several vulnerabilities

Source: MLIST
Type: Patch
[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

Source: MLIST
Type: Patch
[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

Source: CCN
Type: OSVDB ID: 74042
MapServer OGC Filter Boundary Error Overflow

Source: BID
Type: UNKNOWN
48720

Source: CCN
Type: BID-48720
MapServer Multiple Security Vulnerabilities

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293

Source: XF
Type: UNKNOWN
mapserver-ogc-bo(68719)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:*:*:*:*:*:*:*:* (Version <= 4.10.6)
  • OR cpe:/a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:umn:mapserver:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:umn:mapserver:5.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:umn:mapserver:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:umn:mapserver:5.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:umn:mapserver:5.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:13006
Class: P
Title: DSA-2285-1 mapserver -- several
Last Modified: 2014-06-23
    osgeo mapserver 4.10.0
    osgeo mapserver 4.10.2
    osgeo mapserver 4.8.0 beta2
    osgeo mapserver 4.8.0 beta1
    osgeo mapserver 4.4.0 beta2
    osgeo mapserver 4.4.0 beta1
    osgeo mapserver 4.6.0 beta3
    osgeo mapserver 4.10.0 rc1
    osgeo mapserver 4.10.0 beta1
    osgeo mapserver 4.6.0 beta1
    osgeo mapserver 4.6.0 rc1
    osgeo mapserver 4.4.0 beta3
    osgeo mapserver 4.2.0 beta1
    osgeo mapserver 4.6.0 beta2
    osgeo mapserver 4.8.0 beta3
    osgeo mapserver 4.8.0 rc2
    osgeo mapserver 4.8.0 rc1
    osgeo mapserver 4.10.0 beta3
    osgeo mapserver 4.10.0 beta2
    osgeo mapserver 4.10.4
    osgeo mapserver 4.10.1
    osgeo mapserver 4.10.3
    osgeo mapserver 4.10.5
    osgeo mapserver 4.6.0
    osgeo mapserver *
    osgeo mapserver 4.4.0
    osgeo mapserver 5.2.0 beta2
    osgeo mapserver 5.0.0 beta3
    osgeo mapserver 5.0.0 beta4
    osgeo mapserver 5.2.0 beta4
    osgeo mapserver 5.4.2
    osgeo mapserver 5.4.0 beta4
    osgeo mapserver 5.4.0 rc1
    osgeo mapserver 5.6.0
    umn mapserver 5.2.3
    osgeo mapserver 5.2.0 beta3
    osgeo mapserver 5.2.1
    osgeo mapserver 5.0.0 rc1
    umn mapserver 5.6.4
    umn mapserver 5.2.2
    umn mapserver 5.6.5
    umn mapserver 5.6.6
    osgeo mapserver 5.0.0 beta5
    osgeo mapserver 5.0.0 beta6
    osgeo mapserver 5.0.0 beta1
    osgeo mapserver 5.0.0 beta2
    osgeo mapserver 5.2.0
    osgeo mapserver 5.2.0 beta1
    osgeo mapserver 5.2.0 rc1
    osgeo mapserver 5.4.0
    osgeo mapserver 5.4.0 beta1
    osgeo mapserver 5.4.0 beta2
    osgeo mapserver 5.4.0 beta3
    osgeo mapserver 5.4.0 rc2
    osgeo mapserver 5.4.1
    osgeo mapserver 5.6.1
    osgeo mapserver 5.6.3
    osgeo mapserver 5.0.0 rc2
    osgeo mapserver 5.0.0