cpe:/a:umn:mapserver:4.0 cpe:/a:umn:mapserver:4.0:beta1 cpe:/a:umn:mapserver:4.0:beta2 cpe:/a:umn:mapserver:4.2:beta1 cpe:/a:umn:mapserver:4.4.0 cpe:/a:umn:mapserver:4.4.0:beta1 cpe:/a:umn:mapserver:4.4.0:beta2 cpe:/a:umn:mapserver:4.4.0:beta3 cpe:/a:umn:mapserver:4.6.0 cpe:/a:umn:mapserver:4.6.0:beta1 cpe:/a:umn:mapserver:4.6.0:beta2 cpe:/a:umn:mapserver:4.6.0:beta3 cpe:/a:umn:mapserver:4.6.0:rc1 cpe:/a:umn:mapserver:4.8:beta1 cpe:/a:umn:mapserver:4.8:beta2 cpe:/a:umn:mapserver:4.8:beta3 cpe:/a:umn:mapserver:4.8:rc1 cpe:/a:umn:mapserver:4.8:rc2 cpe:/a:umn:mapserver:4.10:beta1 cpe:/a:umn:mapserver:4.10:beta2 cpe:/a:umn:mapserver:4.10:beta3 cpe:/a:umn:mapserver:4.10:rc1 cpe:/a:umn:mapserver:4.10.0 cpe:/a:umn:mapserver:4.10.1 cpe:/a:umn:mapserver:4.10.2 cpe:/a:umn:mapserver:4.10.3 cpe:/a:umn:mapserver:5.0.0 cpe:/a:umn:mapserver:5.0.0:beta1 cpe:/a:umn:mapserver:5.0.0:beta2 cpe:/a:umn:mapserver:5.0.0:beta3 cpe:/a:umn:mapserver:5.0.0:beta4 cpe:/a:umn:mapserver:5.0.0:beta5 cpe:/a:umn:mapserver:5.0.0:beta6 cpe:/a:umn:mapserver:5.0.0:rc1 cpe:/a:umn:mapserver:5.0.0:rc2 cpe:/a:umn:mapserver:5.2.0 cpe:/a:umn:mapserver:5.2.0:beta1 cpe:/a:umn:mapserver:5.2.0:beta2 cpe:/a:umn:mapserver:5.2.0:beta3 cpe:/a:umn:mapserver:5.2.0:beta4 cpe:/a:umn:mapserver:5.2.0:rc1 cpe:/a:umn:mapserver:5.2.1 CVE-2009-0839 2009-03-31T14:24:45.827-04:00 2009-10-27T01:24:10.157-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-03-31T15:48:00.000-04:00 SECTRACK 1021952 BUGTRAQ 20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 BID 34306 SECUNIA 34520 SECUNIA 34603 DEBIAN DSA-1914 FEDORA FEDORA-2009-3357 FEDORA FEDORA-2009-3383 MLIST [mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes CONFIRM http://trac.osgeo.org/mapserver/ticket/2944 MISC http://www.positronsecurity.com/advisories/2009-000.html Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.