Vulnerabilities > CVE-2010-3872 - Numeric Errors vulnerability in Apache MOD Fcgid

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2140.NASL
    description: A vulnerability has been found in Apache mod_fcgid. The Common Vulnerabilities and Exposures project identifies the following problem: CVE-2010-3872 - A stack overflow could allow an untrusted FCGI application to cause a server crash or possibly to execute arbitrary code as the user running the web server.
    last seen: 2020-03-17
    modified: 2011-01-07
    plugin id: 51427
    published: 2011-01-07
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51427
    title: Debian DSA-2140-1 : libapache2-mod-fcgid - stack overflow
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2140. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(51427);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references that tie the finding to the CVE, Bugtraq and DSA entries.
      script_cve_id("CVE-2010-3872");
      script_bugtraq_id(44900);
      script_xref(name:"DSA", value:"2140");
    
      script_name(english:"Debian DSA-2140-1 : libapache2-mod-fcgid - stack overflow");
      # Per the summary string, detection is a look at dpkg output for the
      # updated package, not a probe of the module.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # The advisory text names an untrusted FCGI application as the source of
      # the overflow and the web server user as the privilege level at stake.
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been found in Apache mod_fcgid. The Common
    Vulnerabilities and Exposures project identifies the following problem
    :
    
      - CVE-2010-3872
        A stack overflow could allow an untrusted FCGI
        application to cause a server crash or possibly to
        execute arbitrary code as the user running the web
        server."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2140"
      );
      # Remediation: the fixed package version applies to lenny only; the text
      # names no other release.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libapache2-mod-fcgid packages.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.2-1+lenny1."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the Debian release string
      # and the dpkg listing to be present in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Gate the check on the three knowledge-base entries it depends on; each
    # missing entry is reported through audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Ask deb_check() about Debian 5.0 packages with the libapache2-mod-fcgid
    # prefix, using 2.2-1+lenny1 as the reference (fixed) version.
    needs_update = 0;
    if (deb_check(release:"5.0", prefix:"libapache2-mod-fcgid", reference:"2.2-1+lenny1")) needs_update = 1;
    
    if (!needs_update) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Attach the package comparison details only when the scan asks for
      # verbose reporting.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:deb_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Web Servers
    NASL id: MOD_FCGID_2_3_6.NASL
    description: According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.6. As such, it has a stack-based buffer overflow vulnerability because of an error in the pointer arithmetic used in the 'fcgid_header_bucket_read()' function.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54607
    published: 2011-05-20
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/54607
    title: Apache mod_fcgid Module fcgid_header_bucket_read() Function Remote Stack Buffer Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # network check runs.
    if (description)
    {
      script_id(54607);
      script_version("1.11");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2010-3872");
      script_bugtraq_id(44900);
    
      script_name(english:"Apache mod_fcgid Module fcgid_header_bucket_read() Function Remote Stack Buffer Overflow");
      # Per the summary string, detection is a banner-version check only.
      script_summary(english:"Banner check to find vulnerable versions of mod_fcgid");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is at risk of a buffer overflow attack.");
    
      # NOTE(review): this text names a crafted request from an unauthenticated
      # remote attacker as the trigger. The CVE summary for the same flaw
      # describes a malformed FastCGI response, so treat the network vector
      # below as this plugin's own assessment - confirm against the upstream
      # advisory before using it for prioritisation.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported banner, the Apache web server listening
    on this port includes a version of the mod_fcgid module earlier than
    2.3.6.  As such, it has a stack-based buffer overflow vulnerability
    because of an error in the pointer arithmetic used in the
    'fcgid_header_bucket_read()' function.
    
    An unauthenticated, remote attacker can leverage this with a specially
    crafted request to overwrite data on the stack, leading to an
    application crash or possibly even arbitrary code execution subject to
    the privileges under which the web server operates.");
      script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=49406");
      # The message-id part of the commented URL below was masked by e-mail
      # obfuscation on this page; the see_also value that follows it is the
      # reference the plugin actually registers.
      # http://mail-archives.apache.org/mod_mbox/httpd-announce/201011.mbox/%[email protected]%3E
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?012dfc54");
      script_set_attribute(attribute:"solution", value:"Update to version 2.3.6 or later.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/20");
    
      # The finding is registered as a potential vulnerability, and the plugin
      # requires the paranoid-report setting (see script_require_keys below) -
      # presumably because a banner version cannot show whether a distributor
      # backported the fix into an older upstream version.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:mod_fcgid");
      script_end_attributes();
    
      script_family(english:"Web Servers");
      script_category(ACT_GATHER_INFO);
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      # Scheduling requirements: http_version.nasl is declared as a dependency;
      # the plugin targets HTTP services, with port 80 as the fallback.
      script_dependencies("http_version.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/http", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    # Pick the HTTP service to inspect (port 80 when nothing else is known).
    svc_port = get_http_port(default:80);
    
    # Everything below works from the Server response header alone.
    banner = http_server_header(port:svc_port);
    if (isnull(banner))
      exit(0, "The web server listening on port "+svc_port+" does not send a Server response header.");
    if ("mod_fcgid" >!< banner)
      exit(0, "The banner from the web server on port "+svc_port+" does not mention mod_fcgid.");
    
    # Pull the dotted version that follows "mod_fcgid/" out of the banner.
    ver_match = eregmatch(string:banner, pattern:"mod_fcgid/([0-9.]+)");
    if (!ver_match)
      exit(1, "The banner from the web server on port "+svc_port+" does not include the mod_fcgid version.");
    banner_version = ver_match[1];
    
    # A banner version is weak evidence, so the comparison is only reported
    # when the scan runs at paranoia level 2 or above.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    first_fixed = "2.3.6";
    if (ver_compare(ver:banner_version, fix:first_fixed, strict:FALSE) != -1)
      exit(0, "The web server on port "+svc_port+" appears to be using mod_fcgid "+banner_version+" and thus is not affected.");
    else
    {
      if (report_verbosity > 0)
      {
        # Verbose report: show where the version came from and what it was
        # compared against, so the finding can be validated by hand.
        details =
          '\n  Version source     : ' + banner +
          '\n  Installed version  : ' + banner_version +
          '\n  Fixed version      : ' + first_fixed + '\n';
        security_hole(port:svc_port, extra:details);
      }
      else
      {
        security_hole(svc_port);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-17474.NASL
    description: This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872). It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements. Other changes are described in CHANGES-FCGID document included in the package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50617
    published: 2010-11-17
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50617
    title: Fedora 12 : mod_fcgid-2.3.6-1.fc12 (2010-17474)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-17474.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(50617);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      # Cross-references to the CVE and to the Fedora advisory id.
      script_cve_id("CVE-2010-3872");
      script_xref(name:"FEDORA", value:"2010-17474");
    
      script_name(english:"Fedora 12 : mod_fcgid-2.3.6-1.fc12 (2010-17474)");
      # Per the summary string, detection is a look at rpm output for the
      # updated package.
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Besides the CVE-2010-3872 fix, the advisory text announces a new
      # default for FcgidMaxRequestLen (1GB to 128K); review that directive
      # when rolling out the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to the current upstream maintenance release includes a fix
    for a possible stack buffer overwrite (CVE-2010-3872).
    
    It also changes the default value of FcgidMaxRequestLen from 1GB to
    128K; administrators should change this to an appropriate value based
    on site requirements.
    
    Other changes are described in CHANGES-FCGID document included in the
    package.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?14898432"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mod_fcgid package."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the release string and the
      # rpm list to be present in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local checks must be enabled before any package data can be trusted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must identify Fedora, and specifically major
    # release 12; anything else is audited out with the matching reason.
    distro = get_kb_item("Host/RedHat/release");
    if (isnull(distro) || "Fedora" >!< distro) audit(AUDIT_OS_NOT, "Fedora");
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:distro);
    if (isnull(rel_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    fedora_major = rel_match[1];
    if (! ereg(pattern:"^12([^0-9]|$)", string:fedora_major))
      audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + fedora_major);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled by this check.
    arch = get_kb_item("Host/cpu");
    if (isnull(arch)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< arch || arch =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    
    # Compare the installed mod_fcgid package with the fixed FC12 build.
    needs_update = 0;
    if (rpm_check(release:"FC12", reference:"mod_fcgid-2.3.6-1.fc12")) needs_update = 1;
    
    if (!needs_update)
    {
      # Not flagged: say whether the package was tested and found current,
      # or was not installed at all.
      checked_pkgs = pkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
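  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201207-09.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201207-09 (mod_fcgid: Multiple vulnerabilities). Multiple vulnerabilities have been found in mod_fcgid: An error in the 'fcgid_header_bucket_read()' function in fcgid_bucket.c could cause a stack-based buffer overflow (CVE-2010-3872). An error in the 'is_spawn_allowed()' function in fcgid_spawn_ctl.c prevents Apache from recognizing the FcgidMaxProcessesPerClass directive for a virtual host (CVE-2012-1181).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59901
    published: 2012-07-10
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59901
    title: GLSA-201207-09 : mod_fcgid: Multiple vulnerabilities
    code: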
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201207-09.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(59901);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      # This advisory bundles two issues; a hit from this plugin therefore does
      # not by itself say which of the two CVEs is the relevant one.
      script_cve_id("CVE-2010-3872", "CVE-2012-1181");
      script_bugtraq_id(44900, 52565);
      script_xref(name:"GLSA", value:"201207-09");
    
      script_name(english:"GLSA-201207-09 : mod_fcgid: Multiple vulnerabilities");
      # Per the summary string, detection reads the package database under
      # /var/db/pkg.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # The advisory text separates the two flaws: a stack-based overflow in
      # fcgid_header_bucket_read() and a directive
      # (FcgidMaxProcessesPerClass) not being honoured for a virtual host.
      # It states that no workaround is known.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201207-09
    (mod_fcgid: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been found in mod_fcgid:
          An error in the 'fcgid_header_bucket_read()' function in
            fcgid_bucket.c could cause a stack-based buffer overflow
            (CVE-2010-3872).
          An error in the 'is_spawn_allowed() function in fcgid_spawn_ctl.c
            prevents Apache from recognizing the FcgidMaxProcessesPerClass
            directive for a virtual host (CVE-2012-1181).
      
    Impact :
    
        A local attacker could possibly execute arbitrary code with the
          privileges of the process or cause a Denial of Service condition.
          Furthermore, a remote attacker could send specially crafted HTTP
          requests, possibly resulting in a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201207-09"
      );
      # Remediation text: upgrade to www-apache/mod_fcgid 2.3.7 or later.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All mod_fcgid users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-apache/mod_fcgid-2.3.7'"
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mod_fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the Gentoo release string
      # and the qpkg list to be present in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Gate the check on the three knowledge-base entries it depends on; each
    # missing entry is reported through audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # www-apache/mod_fcgid below 2.3.7 is treated as vulnerable, 2.3.7 and
    # later as unaffected.
    needs_update = 0;
    if (qpkg_check(package:"www-apache/mod_fcgid", unaffected:make_list("ge 2.3.7"), vulnerable:make_list("lt 2.3.7"))) needs_update = 1;
    
    if (!needs_update)
    {
      # Not flagged: say whether the package was tested and found current,
      # or was not installed at all.
      checked_pkgs = qpkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:qpkg_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-17472.NASL
    description: This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872). It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements. Other changes are described in CHANGES-FCGID document included in the package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50616
    published: 2010-11-17
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50616
    title: Fedora 14 : mod_fcgid-2.3.6-1.fc14 (2010-17472)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-17472.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(50616);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      # Cross-references to the CVE and to the Fedora advisory id.
      script_cve_id("CVE-2010-3872");
      script_xref(name:"FEDORA", value:"2010-17472");
    
      script_name(english:"Fedora 14 : mod_fcgid-2.3.6-1.fc14 (2010-17472)");
      # Per the summary string, detection is a look at rpm output for the
      # updated package.
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Besides the CVE-2010-3872 fix, the advisory text announces a new
      # default for FcgidMaxRequestLen (1GB to 128K); review that directive
      # when rolling out the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to the current upstream maintenance release includes a fix
    for a possible stack buffer overwrite (CVE-2010-3872).
    
    It also changes the default value of FcgidMaxRequestLen from 1GB to
    128K; administrators should change this to an appropriate value based
    on site requirements.
    
    Other changes are described in CHANGES-FCGID document included in the
    package.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?507d89e0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mod_fcgid package."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the release string and the
      # rpm list to be present in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local checks must be enabled before any package data can be trusted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must identify Fedora, and specifically major
    # release 14; anything else is audited out with the matching reason.
    distro = get_kb_item("Host/RedHat/release");
    if (isnull(distro) || "Fedora" >!< distro) audit(AUDIT_OS_NOT, "Fedora");
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:distro);
    if (isnull(rel_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    fedora_major = rel_match[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:fedora_major))
      audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + fedora_major);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled by this check.
    arch = get_kb_item("Host/cpu");
    if (isnull(arch)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< arch || arch =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    
    # Compare the installed mod_fcgid package with the fixed FC14 build.
    needs_update = 0;
    if (rpm_check(release:"FC14", reference:"mod_fcgid-2.3.6-1.fc14")) needs_update = 1;
    
    if (!needs_update)
    {
      # Not flagged: say whether the package was tested and found current,
      # or was not installed at all.
      checked_pkgs = pkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-17434.NASL
    description: This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872). It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements. Other changes are described in CHANGES-FCGID document included in the package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50615
    published: 2010-11-17
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50615
    title: Fedora 13 : mod_fcgid-2.3.6-1.fc13 (2010-17434)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-17434.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(50615);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      # Cross-references to the CVE and to the Fedora advisory id.
      script_cve_id("CVE-2010-3872");
      script_xref(name:"FEDORA", value:"2010-17434");
    
      script_name(english:"Fedora 13 : mod_fcgid-2.3.6-1.fc13 (2010-17434)");
      # Per the summary string, detection is a look at rpm output for the
      # updated package.
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Besides the CVE-2010-3872 fix, the advisory text announces a new
      # default for FcgidMaxRequestLen (1GB to 128K); review that directive
      # when rolling out the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to the current upstream maintenance release includes a fix
    for a possible stack buffer overwrite (CVE-2010-3872).
    
    It also changes the default value of FcgidMaxRequestLen from 1GB to
    128K; administrators should change this to an appropriate value based
    on site requirements.
    
    Other changes are described in CHANGES-FCGID document included in the
    package.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6f73ccf9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mod_fcgid package."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the release string and the
      # rpm list to be present in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local checks must be enabled before any package data can be trusted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must identify Fedora, and specifically major
    # release 13; anything else is audited out with the matching reason.
    distro = get_kb_item("Host/RedHat/release");
    if (isnull(distro) || "Fedora" >!< distro) audit(AUDIT_OS_NOT, "Fedora");
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:distro);
    if (isnull(rel_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    fedora_major = rel_match[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:fedora_major))
      audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + fedora_major);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled by this check.
    arch = get_kb_item("Host/cpu");
    if (isnull(arch)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< arch || arch =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    
    # Compare the installed mod_fcgid package with the fixed FC13 build.
    needs_update = 0;
    if (rpm_check(release:"FC13", reference:"mod_fcgid-2.3.6-1.fc13")) needs_update = 1;
    
    if (!needs_update)
    {
      # Not flagged: say whether the package was tested and found current,
      # or was not installed at all.
      checked_pkgs = pkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_APACHE2-MOD_FCGID-110727.NASL
    description: A possible stack overflow in apache2-mod_fcgid due to wrong pointer arithmetic has been fixed. CVE-2010-3872 has been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75428
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75428
    title: openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2011:0884-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update apache2-mod_fcgid-4933.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares
    # its identifiers, advisory text and requirements, then exits before any
    # host check runs.
    if (description)
    {
      script_id(75428);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-3872");
    
      script_name(english:"openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2011:0884-1)");
      # Per the summary string, detection looks for the apache2-mod_fcgid-4933
      # patch.
      script_summary(english:"Check for the apache2-mod_fcgid-4933 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The advisory text gives wrong pointer arithmetic as the root cause of
      # the possible stack overflow.
      script_set_attribute(
        attribute:"description", 
        value:
    "A possible stack overflow in apache2-mod_fcgid due to wrong pointer
    arithmetic has been fixed. CVE-2010-3872 has been assigned to this
    issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=656092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00015.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-mod_fcgid package."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the result depends on data collected on the host
      # (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_fcgid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      # The plugin was published in 2014 for a patch released in 2011.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl is declared as a dependency,
      # and the plugin needs the local-checks flag, the SuSE release string,
      # the rpm list and the CPU architecture in the knowledge base.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local checks must be enabled before any package data can be trusted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # SLED/SLES release strings are audited out as "not openSUSE"; of the
    # rest, only the exact SUSE11.3 string is accepted.
    suse_release = get_kb_item("Host/SuSE/release");
    if (isnull(suse_release) || suse_release =~ "^(SLED|SLES)")
      audit(AUDIT_OS_NOT, "openSUSE");
    if (suse_release !~ "^(SUSE11\.3)$")
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", suse_release);
    if (!get_kb_item("Host/SuSE/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i586, i686 and x86_64 hosts are handled by this check.
    host_arch = get_kb_item("Host/cpu");
    if (!host_arch) audit(AUDIT_UNKNOWN_ARCH);
    if (host_arch !~ "^(i586|i686|x86_64)$")
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", host_arch);
    
    # Compare the installed package with the fixed build. The reference is a
    # 2.2-based package version, so the upstream version number alone does
    # not tell whether this host is patched.
    needs_update = 0;
    if ( rpm_check(release:"SUSE11.3", reference:"apache2-mod_fcgid-2.2-101.3.1") ) needs_update = 1;
    
    if (!needs_update)
    {
      # Not flagged: say whether the package was tested and found current,
      # or was not installed at all.
      checked_pkgs = pkg_tests_get();
      if (!checked_pkgs) audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_fcgid");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }