MidnightBSD

Advisories for umn

CVE-2010-2539 LOW

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.6.0
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
osgeo mapserver 5.2.1
umn mapserver 4.0
osgeo mapserver 4.10.2
osgeo mapserver *
osgeo mapserver 5.4.0
osgeo mapserver 4.10.1
osgeo mapserver 4.10.0
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
CVE-2010-2540 HIGH

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.6.0
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
osgeo mapserver 5.2.1
umn mapserver 4.0
osgeo mapserver 4.10.2
osgeo mapserver *
osgeo mapserver 5.4.0
osgeo mapserver 4.10.1
osgeo mapserver 4.10.0
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
CVE-2011-2703 HIGH

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
umn mapserver 5.6.5
osgeo mapserver 5.2.1
osgeo mapserver 4.10.2
osgeo mapserver *
umn mapserver 5.6.4
osgeo mapserver 4.10.1
osgeo mapserver 5.6.3
umn mapserver 5.2.2
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
umn mapserver 6.0.0
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
osgeo mapserver 5.6.0
umn mapserver 5.6.6
osgeo mapserver 4.10.5
osgeo mapserver 5.4.0
umn mapserver 5.2.3
osgeo mapserver 4.10.0
CVE-2011-2704 HIGH

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
umn mapserver 5.6.5
osgeo mapserver 5.2.1
osgeo mapserver 4.10.2
osgeo mapserver *
umn mapserver 5.6.4
osgeo mapserver 4.10.1
osgeo mapserver 5.6.3
umn mapserver 5.2.2
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
osgeo mapserver 5.6.0
umn mapserver 5.6.6
osgeo mapserver 4.10.5
osgeo mapserver 5.4.0
umn mapserver 5.2.3
osgeo mapserver 4.10.0
CVE-2011-2975 MEDIUM

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
umn mapserver 5.6.5
osgeo mapserver 5.2.1
umn mapserver 4.10.7
osgeo mapserver 4.10.2
umn mapserver 5.6.7
osgeo mapserver *
umn mapserver 5.6.4
osgeo mapserver 4.10.1
osgeo mapserver 5.6.3
umn mapserver 5.2.2
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
umn mapserver 6.0.0
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
osgeo mapserver 5.6.0
umn mapserver 5.6.6
osgeo mapserver 4.10.5
osgeo mapserver 5.4.0
umn mapserver 5.2.3
osgeo mapserver 4.10.0
CVE-2013-7262 MEDIUM

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
osgeo mapserver 4.4.0
osgeo mapserver 5.4.2
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
osgeo mapserver 5.2.1
osgeo mapserver 4.10.2
umn mapserver 5.6.7
osgeo mapserver *
osgeo mapserver 4.10.1
osgeo mapserver 5.6.3
osgeo mapserver 5.4.1
osgeo mapserver 4.6.0
osgeo mapserver 4.8.0
osgeo mapserver 6.0.2
osgeo mapserver 4.2.0
osgeo mapserver 4.10.4
osgeo mapserver 6.0.3
umn mapserver 6.0.0
osgeo mapserver 4.10.3
osgeo mapserver 5.6.1
osgeo mapserver 6.2.1
osgeo mapserver 5.6.0
osgeo mapserver 4.10.5
osgeo mapserver 5.4.0
osgeo mapserver 6.0.1
umn mapserver 5.2.3
osgeo mapserver 4.10.0
osgeo mapserver 6.2.0