Date: Fri, 22 Feb 2008 21:33:04 -0900
From: Jonathan Smith <smithj@...ethemallocs.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: lighttpd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------- Original Message --------
Subject: [SA29066] lighttpd File Descriptor Array Denial of Service Vulnerability
Date: 23 Feb 2008 03:19:30 -0000
From: Secunia Security Advisories <sec-adv@...unia.com>
To: smithj@...ethemallocs.com

[snip]

TITLE:
lighttpd File Descriptor Array Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA29066

VERIFY ADVISORY:
http://secunia.com/advisories/29066/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
lighttpd 1.x
http://secunia.com/product/4661/

DESCRIPTION:
A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a calculation error when
allocating the global file descriptor array and can be exploited to
crash an affected server.

The vulnerability is reported in version 1.4.18. Other versions may
also be affected.

SOLUTION:
A temporary patch is available.
http://trac.lighttpd.net/trac/attachment/ticket/1562/Fix-372-and-1562.patch

Restrict network access to the service.

PROVIDED AND/OR DISCOVERED BY:
fdeletang

ORIGINAL ADVISORY:
http://trac.lighttpd.net/trac/ticket/1562

[snip]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAke/vh8ACgkQCG91qXPaRemUfACfX8i8etCHjt1USUVkzUiA4yzz
CM8AnihaPOMcHfbCrg/A3d46ygIu2E5F
=hz8R
-----END PGP SIGNATURE-----