oss-sec mailing list archives
CVE request: lighttpd
From: Jonathan Smith <smithj () freethemallocs com>
Date: Fri, 22 Feb 2008 21:33:04 -0900
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------- Original Message --------
Subject: [SA29066] lighttpd File Descriptor Array Denial of Service Vulnerability
Date: 23 Feb 2008 03:19:30 -0000
From: Secunia Security Advisories <sec-adv () secunia com>
To: smithj () freethemallocs com

[snip]

TITLE:
lighttpd File Descriptor Array Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA29066

VERIFY ADVISORY:
http://secunia.com/advisories/29066/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
lighttpd 1.x
http://secunia.com/product/4661/

DESCRIPTION:
A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a calculation error when
allocating the global file descriptor array and can be exploited to
crash an affected server.

The vulnerability is reported in version 1.4.18. Other versions may
also be affected.

SOLUTION:
A temporary patch is available.
http://trac.lighttpd.net/trac/attachment/ticket/1562/Fix-372-and-1562.patch

Restrict network access to the service.

PROVIDED AND/OR DISCOVERED BY:
fdeletang

ORIGINAL ADVISORY:
http://trac.lighttpd.net/trac/ticket/1562

[snip]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAke/vh8ACgkQCG91qXPaRemUfACfX8i8etCHjt1USUVkzUiA4yzz
CM8AnihaPOMcHfbCrg/A3d46ygIu2E5F
=hz8R
-----END PGP SIGNATURE-----