Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2011-0419

Description

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

POC

Reference

- http://securityreason.com/achievement_securityalert/98

- http://securityreason.com/securityalert/8246

- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Github

- https://github.com/8ctorres/SIND-Practicas

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/DButter/whitehat_public

- https://github.com/Dmitri131313/ReconScan

- https://github.com/Dokukin1/Metasploitable

- https://github.com/Furious992/HW13-01

- https://github.com/GiJ03/ReconScan

- https://github.com/Iknowmyname/Nmap-Scans-M2

- https://github.com/Live-Hack-CVE/CVE-2011-0419

- https://github.com/MrFrozenPepe/Pentest-Cheetsheet

- https://github.com/NikulinMS/13-01-hw

- https://github.com/RoliSoft/ReconScan

- https://github.com/SecureAxom/strike

- https://github.com/Zhivarev/13-01-hw

- https://github.com/issdp/test

- https://github.com/kasem545/vulnsearch

- https://github.com/krlabs/apache-vulnerabilities

- https://github.com/lekctut/sdb-hw-13-01

- https://github.com/matoweb/Enumeration-Script

- https://github.com/mrt2h/DZ

- https://github.com/pedr0alencar/vlab-metasploitable2

- https://github.com/rameel12/Entity-Extraction-Using-Syntaxnet

- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems

- https://github.com/xxehacker/strike

- https://github.com/zzzWTF/db-13-01