FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1956

This CVE name corresponds to:

Entered	Topic
2009-08-25	apache22 -- several vulnerabilities
2009-06-08	apr -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-1956 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2009-1956
Phase	Assigned(20090606)

Description

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

References

Source	Reference
MLIST	[dev] 20090424 Buffer overflow in apr_brigade_vprintf() ?
MLIST	[dev] 20090424 Re: Buffer overflow in apr_brigade_vprintf() ?
MLIST	[oss-security] 20090605 CVE Request (apr-util)
CONFIRM	http://svn.apache.org/viewvc?view=rev&revision=768417
CONFIRM	http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=504390
CONFIRM	http://support.apple.com/kb/HT3937
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg27014463
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
AIXAPAR	PK88341
AIXAPAR	PK91241
AIXAPAR	PK99478
APPLE	APPLE-SA-2009-11-09-1
FEDORA	FEDORA-2009-5969
FEDORA	FEDORA-2009-6014
FEDORA	FEDORA-2009-6261
GENTOO	GLSA-200907-03
HP	HPSBUX02612
HP	SSRT100345
MANDRIVA	MDVSA-2009:131
MANDRIVA	MDVSA-2013:150
REDHAT	RHSA-2009:1107
REDHAT	RHSA-2009:1108
UBUNTU	USN-786-1
UBUNTU	USN-787-1
BID	35251
OVAL	oval:org.mitre.oval:def:11567
OVAL	oval:org.mitre.oval:def:12237
SECUNIA	34724
SECUNIA	35487
SECUNIA	35395
SECUNIA	35565
SECUNIA	35710
SECUNIA	35284
SECUNIA	35843
SECUNIA	35797
SECUNIA	37221
VUPEN	ADV-2009-1907
VUPEN	ADV-2009-3184