oss-sec mailing list archives

CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)


From: Stefan Bühler <stbuehler () lighttpd net>
Date: Tue, 12 Nov 2013 17:14:15 +0100

Hi,

I'd like to request CVE ids for the following issues in lighttpd:

1. setuid/setgid/setgroups return values are not checked

If setuid() fails for any reason (RLIMIT_NPROC), lighttpd runs as root.

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt


2. If FAMMonitorDirectory fails, lighttpd reads a value from already
free()d memory.

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt


Both issues were found with clang static analyzer, so I assume the bad
guys already know these.

regards,
Stefan
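The first issue above is the classic unchecked privilege drop. The following is an added example, not lighttpd's code: a `drop_privileges()` routine in which every call is checked so that a failing `setuid()` (for instance EAGAIN when the target uid is already at its RLIMIT_NPROC limit on Linux) aborts startup instead of silently leaving the daemon as root, plus a `verify_dropped()` post-condition check. The function names, the hypothetical unchecked variant shown for contrast, and the choice to run `setgroups()` only when the process actually holds root are all assumptions of this example.

```c
/* Added example (not lighttpd code): dropping privileges with every return
 * value checked. Target uid/gid are chosen by the caller. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical unchecked shape of the defect described in SA-2013-02:
 * the return values are thrown away, so if setuid() fails (e.g. EAGAIN
 * under RLIMIT_NPROC) the process simply carries on as root.
 * Shown for contrast only; never called here. */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setgroups(0, NULL);
    setgid(gid);
    setuid(uid);
}

/* Hardened form: returns 0 on success, -1 with errno set on the first
 * failure. A caller that gets -1 must exit rather than continue serving. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be cleared with CAP_SETGID, so do it
     * while we still have it (assumption: only when running as root). */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* gid before uid: once setuid() has succeeded we can no longer change gid. */
    if (setgid(gid) != 0)
        return -1;
    /* setuid() may fail with EAGAIN (RLIMIT_NPROC reached for the target uid
     * on Linux) or EPERM; either way the process is still root if we ignore it. */
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Post-condition: real and effective ids match the target, and for a
 * non-root target root cannot be regained. Returns 0 if confirmed, -1 otherwise. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* If setuid(0) succeeds here, a saved uid of 0 was left behind. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demo target: our own ids, so this runs unprivileged as well as root. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "drop_privileges failed: %s; refusing to start\n",
                strerror(errno));
        return 1;
    }
    if (verify_dropped(uid, gid) != 0) {
        fprintf(stderr, "privilege drop could not be verified; refusing to start\n");
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

The important design point is the last `return 1` paths in `main()`: a daemon that cannot confirm its privilege drop must refuse to run, because "continue and hope" is exactly the behaviour the advisory describes.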
