Joe Testa

**Name of the Vulnerable Software and Affected Versions** Memcached versions prior to 1.2.8 MemcacheDB version 1.2.0 **Description** The issue allows remote attackers to obtain sensitive information, such as the locations of memory regions, by sending a command to the daemon's TCP port. This can defeat ASLR protection. The `process stat` function discloses the contents of `/proc/self/maps` in response to a `stats maps` command and memory-allocation statistics in response to a `stats malloc` command. **Recommendations** For Memcached versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. For MemcacheDB version 1.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `stats maps` and `stats malloc` commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** A directory traversal issue exists, allowing remote attackers to create arbitrary files. This is achieved by using a .. (dot dot) in the `id` parameter. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** The issue allows remote attackers to read arbitrary invalid .map files via a full pathname in the `map` parameter. This triggers the display of partial file contents within an error message. For example, a /tmp/sekrut.map symlink can be used to demonstrate this issue. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** The issue allows remote attackers to determine the existence of arbitrary files via a full pathname in the `queryfile` parameter. This is achieved by triggering different error messages depending on whether the specified pathname exists. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** The issue allows remote attackers to conduct buffer-overflow attacks via a long `id` parameter in a query action, due to the failure of `mapserv.c` in `mapserv` to ensure that the string holding the `id` parameter ends in a '0' character. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** A stack-based buffer overflow issue exists when the server has a map with a long `IMAGEPATH` or `NAME` attribute, allowing remote attackers to execute arbitrary code via a crafted `id` parameter in a "query" action. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** MapServer versions 4.x through 4.10.3 MapServer versions 5.x through 5.2.1 **Description** A heap-based buffer underflow issue exists in the readPostBody function in cgiutil.c in mapserv. This issue allows remote attackers to have an unknown impact via a negative value in the `Content-Length` HTTP header. **Recommendations** For MapServer versions 4.x through 4.10.3, update to version 4.10.4 or later. For MapServer versions 5.x through 5.2.1, update to version 5.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Symantec Scan Engine versions prior to 5.1.0.7 **Description** The issue allows remote attackers to obtain sensitive log and virus definition files due to insufficient access control. These files are stored under the web root, making them accessible via direct requests. **Recommendations** For versions prior to 5.1.0.7, update to version 5.1.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Darwin Streaming Server version 4.1.1 **Description** The issue allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the `filename` parameter and comparing the resulting error messages. This is related to the `parse xml.cgi` component. **Recommendations** For Darwin Streaming Server version 4.1.1, consider restricting access to the `parse xml.cgi` component until a patch is available. As a temporary workaround, avoid using the `filename` parameter with ".." sequences in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** Apple Darwin Streaming Server version 4.1.2 Apple Quicktime Streaming Server version 4.1.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a `(triple dot)` in the `filename` parameter. **Recommendations** For Apple Darwin Streaming Server version 4.1.2, avoid using the `filename` parameter with `(triple dot)` until a fix is available. For Apple Quicktime Streaming Server version 4.1.1, restrict access to the `parse xml.cgi` module to minimize the risk of exploitation.