MapServer Map file dual-release Remote Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
Regents of the University of Minneso MapServer 6.x
Regents of the University of Minneso MapServer 5.x
Unaffected system:
Regents of the University of Minneso MapServer 6.0.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49374
Cve id: CVE-2011-2975

MapServer is a multi-platform program used to create an interactive map application.

MapServer has a vulnerability in MAP File Processing. Remote attackers can exploit this vulnerability to cause application crash, DOS legitimate users, and arbitrary code execution.

When the file name is an http resource, msAddImageSymbol () is released.

<* Source: rouault

Link: http://trac.osgeo.org/mapserver/ticket/3939
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Http://www.securityfocus.com/data/vulnerabilities/exploits/49095.pl

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Regents of the University of Minneso
------------------------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://mapserver.gis.umn.edu/