oss-sec mailing list archives
Re: CVE request: lighttpd
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 26 Feb 2008 13:04:06 -0500 (EST)
======================================================
Name: CVE-2008-0983
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
Reference: CONFIRM:http://trac.lighttpd.net/trac/ticket/1562
Reference: BID:27943
Reference: URL:http://www.securityfocus.com/bid/27943
Reference: FRSIRT:ADV-2008-0659
Reference: URL:http://www.frsirt.com/english/advisories/2008/0659/references
Reference: SECUNIA:29066
Reference: URL:http://secunia.com/advisories/29066

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
properly calculate the size of a file descriptor array, which allows
remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.