[ Ø ] Harsh Prakash – GIS Blog

Quiet Musings On Applied Spatial (Health, Disaster, Technology, Planning et al.)

MapServer’s Claim to Fame?

I was a little surprised to find MapServer listed on Nessus, the network vulnerability scanner website chugging along on Apache/PHP: its mention points to greater usage than earlier anticipated. So if even AGG, its Google-esque 5.0 rendering backend, is not enough, here's another reason for –4.10.3 users to upgrade:

Synopsis:
The remote web server contains CGI scripts that are prone to arbitrary remote command execution and cross-site scripting attacks.

Description:
The remote host is running MapServer, an opensource internet map server.

The installed version of MapServer is vulnerable to multiple cross-site scripting vulnerabilities and to a buffer overflow vulnerability. To exploit those flaws an attacker needs to send specially crafted requests to the mapserv CGI.

By exploiting the buffer overflow vulnerability an attacker would be able to execute code on the remote host with the privileges of the web server.

Solution:
Upgrade to MapServer 4.10.3.

Notice how their solutions are always short and sweet. Savvy programmers/developers would know of a couple of other ways to fail such automatic scanning.

On Nessus, MapServer shares the company of the spatial heavyweight Google Earth: 'heap overflow in the KML engine [FreeBSD]'. Given Nessus's reputation in the enterprise class, ESRI's ArcGIS Server and ArcIMS are both conspicuous by their absence. Impossibly secure? Less likely. Less widespread and not sufficient to warrant a mention, at least in the enterprise community? Quite possible.

–π

Related:
US-CERT Vulnerability Notes Database

    Written by Harsh

    November 10th, 2007 at 10:46 pm

    Posted in IMS,OSGeo

    One Response to 'MapServer’s Claim to Fame?'

    1. go mapserver!

      opengeo

      14 Nov 07 at 4:14 AM
