CVE-2013-4365 - Out-of-bounds Write vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Vulnerable Configurations
Part | Description | Count
---|---|---
Application | | 9
Application | | 2
OS | | 2
OS | | 3
OS | | 2
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS11_APACHE_20140401.NASL
- description: The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. (CVE-2013-4365)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 80586
- published: 2015-01-19
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/80586
- title: Oracle Solaris Third-Party Patch Update : apache (cve_2013_4365_buffer_errors)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include("compat.inc");

if (description)
{
  script_id(80586);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2013-4365");

  script_name(english:"Oracle Solaris Third-Party Patch Update : apache (cve_2013_4365_buffer_errors)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch for third-party software."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. (CVE-2013-4365)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://blogs.oracle.com/sunsecurity/cve-2013-4365-buffer-errors-vulnerability-in-apache"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.17.5.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:apache");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^apache-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.1.17.0.5.0", sru:"SRU 11.1.17.5.0") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : apache\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "apache");
```
- NASL family: Web Servers
- NASL id: MOD_FCGID_2_3_9.NASL
- description: According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.9. That reportedly has a heap-based buffer overflow vulnerability because of an error in the pointer arithmetic used in the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70682
- published: 2013-10-29
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70682
- title: Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow
- code:

```
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(70682);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id("CVE-2013-4365");
  script_bugtraq_id(62939);

  script_name(english:"Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap-Based Buffer Overflow");
  script_summary(english:"Banner check to find vulnerable versions of mod_fcgid");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported banner, the Apache web server listening on this port includes a version of the mod_fcgid module earlier than 2.3.9. That reportedly has a heap-based buffer overflow vulnerability because of an error in the pointer arithmetic used in the 'fcgid_header_bucket_read()' function.");
  script_set_attribute(attribute:"see_also", value:"https://www.mail-archive.com/dev@httpd.apache.org/msg58077.html");
  # https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%[email protected]%3E
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?08112f11");
  script_set_attribute(attribute:"solution", value:
"Update to version 2.3.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4365");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/29");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:mod_fcgid");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("http_version.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/http", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

server = http_server_header(port:port);
if (isnull(server)) exit(0, "The web server listening on port "+port+" does not send a Server response header.");
if ("mod_fcgid" >!< server) exit(0, "The banner from the web server on port "+port+" does not mention mod_fcgid.");

match = eregmatch(string:server, pattern:"mod_fcgid/([0-9.]+)");
if (!match) exit(1, "The banner from the web server on port "+port+" does not include the mod_fcgid version.");
version = match[1];

if (report_paranoia < 2) audit(AUDIT_PARANOID);

fixed_version = "2.3.9";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n Version source : ' + server +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else exit(0, "The web server on port "+port+" appears to be using mod_fcgid "+version+" and thus is not affected.");
```
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_9003B50031E311E3B0D020CF30E32F6D.NASL
- description: Apache Project reports : Fix possible heap buffer overwrite.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70379
- published: 2013-10-11
- reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70379
- title: FreeBSD : mod_fcgid -- possible heap buffer overwrite (9003b500-31e3-11e3-b0d0-20cf30e32f6d)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include("compat.inc");

if (description)
{
  script_id(70379);
  script_version("1.3");
  script_cvs_date("Date: 2018/11/10 11:49:43");

  script_cve_id("CVE-2013-4365");

  script_name(english:"FreeBSD : mod_fcgid -- possible heap buffer overwrite (9003b500-31e3-11e3-b0d0-20cf30e32f6d)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Apache Project reports : Fix possible heap buffer overwrite."
  );
  # https://vuxml.freebsd.org/freebsd/9003b500-31e3-11e3-b0d0-20cf30e32f6d.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?163ea460"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ap22-mod_fcgid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ap24-mod_fcgid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"ap22-mod_fcgid<2.3.9")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ap24-mod_fcgid<2.3.9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18638.NASL
- description: Current upstream maintenance release, including a security fix for a possible heap buffer overwrite issue (CVE-2013-4365). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-10-20
- plugin id: 70509
- published: 2013-10-20
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70509
- title: Fedora 19 : mod_fcgid-2.3.9-1.fc19 (2013-18638)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-18638.
#
include("compat.inc");

if (description)
{
  script_id(70509);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-4365");
  script_bugtraq_id(62939);
  script_xref(name:"FEDORA", value:"2013-18638");

  script_name(english:"Fedora 19 : mod_fcgid-2.3.9-1.fc19 (2013-18638)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Current upstream maintenance release, including a security fix for a possible heap buffer overwrite issue (CVE-2013-4365). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1017039"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119288.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f3f97f10"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mod_fcgid package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_fcgid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"mod_fcgid-2.3.9-1.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
}
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18579.NASL
- description: Current upstream maintenance release, including a security fix for a possible heap buffer overwrite issue (CVE-2013-4365). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-10-15
- plugin id: 70431
- published: 2013-10-15
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70431
- title: Fedora 20 : mod_fcgid-2.3.9-1.fc20 (2013-18579)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-18579.
#
include("compat.inc");

if (description)
{
  script_id(70431);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-4365");
  script_bugtraq_id(62939);
  script_xref(name:"FEDORA", value:"2013-18579");

  script_name(english:"Fedora 20 : mod_fcgid-2.3.9-1.fc20 (2013-18579)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Current upstream maintenance release, including a security fix for a possible heap buffer overwrite issue (CVE-2013-4365). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1017039"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/118997.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?06a6d0af"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mod_fcgid package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_fcgid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"mod_fcgid-2.3.9-1.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_fcgid");
}
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201402-09.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201402-09 (Apache mod_fcgid: Arbitrary code execution) Apache mod_fcgid fails to perform a boundary check on user-supplied input, potentially resulting in a heap-based buffer overflow. Impact : A remote attacker can supply a crafted input, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 72409
- published: 2014-02-10
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/72409
- title: GLSA-201402-09 : Apache mod_fcgid: Arbitrary code execution
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201402-09.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");

if (description)
{
  script_id(72409);
  script_version("1.6");
  script_cvs_date("Date: 2018/07/12 19:01:15");

  script_cve_id("CVE-2013-4365");
  script_bugtraq_id(62939);
  script_xref(name:"GLSA", value:"201402-09");

  script_name(english:"GLSA-201402-09 : Apache mod_fcgid: Arbitrary code execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201402-09 (Apache mod_fcgid: Arbitrary code execution) Apache mod_fcgid fails to perform a boundary check on user-supplied input, potentially resulting in a heap-based buffer overflow. Impact : A remote attacker can supply a crafted input, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201402-09"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Apache mod_fcgid users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apache/mod_fcgid-2.3.9'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mod_fcgid");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-apache/mod_fcgid", unaffected:make_list("ge 2.3.9"), vulnerable:make_list("lt 2.3.9"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache mod_fcgid");
}
```
- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2013-239.NASL
- description: Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70901
- published: 2013-11-14
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70901
- title: Amazon Linux AMI : mod24_fcgid (ALAS-2013-239)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2778.NASL
- description: Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- last seen: 2020-03-17
- modified: 2013-10-13
- plugin id: 70403
- published: 2013-10-13
- reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70403
- title: Debian DSA-2778-1 : libapache2-mod-fcgid - heap-based buffer overflow

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2013-808.NASL
- description: the following security issue was fixed in apache2-mod_fcgid : - fixes a heap overflow identified by CVE-2013-4365 [bnc#844935].
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 75180
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75180
- title: openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2013:1609-1)

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2013-238.NASL
- description: Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70900
- published: 2013-11-14
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70900
- title: Amazon Linux AMI : mod_fcgid (ALAS-2013-238)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2013-846.NASL
- description: security issue fixed in apache2-mod_fcgid : loop counter handled incorrectly, leading to SEGV and
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 75195
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75195
- title: openSUSE Security Update : apache2-mod_fcgid (openSUSE-SU-2013:1664-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-18686.NASL
- description: Current upstream maintenance release, including a security fix for a possible heap buffer overwrite issue (CVE-2013-4365). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-10-20
- plugin id: 70510
- published: 2013-10-20
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70510
- title: Fedora 18 : mod_fcgid-2.3.9-1.fc18 (2013-18686)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2013-256.NASL
- description: Updated apache-mod_fcgid package fixes security vulnerability : Apache mod_fcgid before version 2.3.9 fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code (CVE-2013-4365).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70523
- published: 2013-10-20
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/70523
- title: Mandriva Linux Security Advisory : apache-mod_fcgid (MDVSA-2013:256)
References
- http://secunia.com/advisories/55197
- http://svn.apache.org/viewvc?view=revision&revision=1527362
- http://www.debian.org/security/2013/dsa-2778
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
- http://www.securityfocus.com/bid/62939
- http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html