• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Bugtraq ID:	35949
Class:	Design Error
CVE:	CVE-2009-2412
Remote:	Yes
Local:	No
Published:	Aug 05 2009 12:00AM
Updated:	Dec 07 2009 11:14PM
Credit:	Matt Lewis
Vulnerable:	Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 S.u.S.E. SUSE Linux Enterprise Server 10 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2 S.u.S.E. SUSE Linux Enterprise 10 SP3 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP2 DEBUGINFO S.u.S.E. SLES 11 DEBUGINFO S.u.S.E. SLES 11 S.u.S.E. SLE SDK 10 SP3 S.u.S.E. SLE SDK 10 SP2 S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Enterprise Server 9 rPath rPath Linux 2 rPath rPath Linux 1 RedHat JBoss Enterprise Web Server EL4 0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux EUS 5.3.z server RedHat Enterprise Linux ES 4.8.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4.8.z RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 Pardus Linux 2009 0 Pardus Linux 2008 0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IBM Websphere Application Server 6.0.1 IBM HTTP Server 7.0 Gentoo Linux Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.6 Apple Mac OS X 10.5 Apache Software Foundation APR-util 1.3.8 Apache Software Foundation APR-util 1.3.7 Apache Software Foundation APR-util 1.3.6 Apache Software Foundation APR-util 1.3.5 Apache Software Foundation APR-util 1.3.4 Apache Software Foundation APR-util 0.9.17 Apache Software Foundation APR-util 0.9.16 Apache Software Foundation APR-util 0.9.7 Apache Software Foundation Apache Portable Runtime 1.3.7 Apache Software Foundation Apache Portable Runtime 0.9.18 Apache Software Foundation Apache 2.2.12 Apache Software Foundation Apache 2.2.11 Apache Software Foundation Apache 2.2.10 Apache Software Foundation Apache 2.2.9 Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.2.6 Apache Software Foundation Apache 2.2.5 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2 .0 Apache Software Foundation Apache 2.2.7-dev Apache Software Foundation Apache 2.2.6-dev Apache Software Foundation Apache 2.2.5-dev Apache Software Foundation Apache 2.2.1
Not Vulnerable:	Apple Mac OS X Server 10.6.2 Apple Mac OS X 10.6.2