LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Foresight: lighttpd Print E-mail
User Rating:      How can I rate this item?
Posted by Bill Keys   
Previous versions of the lighttpd package are vulnerable to a remote Arbitrary Code Execution attack due to a header overflow in the mod_fastcgi extension.

Note that the Foresight System Manager (aka rAPA or rAA), the only user of lighttpd on a default Foresight install, does not enable the mod_fastcgi extension, and so is not vulnerable to this attack.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0054-1
Published: 2007-09-17

Rating: Major

Updated Versions:
    lighttpd=/conary.rpath.com at rpl:devel//1/1.4.18-0.1-1
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.3.2-0.19-4

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727
    https://issues.rpath.com/browse/RPL-1715

Description:
    Previous versions of the lighttpd package are vulnerable to a remote
    Arbitrary Code Execution attack due to a header overflow in the
    mod_fastcgi extension.
    
    Note that the Foresight System Manager (aka rAPA or rAA), the only user of
    lighttpd on a default Foresight install, does not enable the mod_fastcgi
    extension, and so is not vulnerable to this attack.

- ---

Copyright 2007 Foresight Linux Project
Portions copyright 2007 rPath Inc
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRu7eD9fwEn07iAtZAQLaRg/+Ph4t3CYvrhSUihfUx68jWfEWAQH4hKdZ
h8NmwTIr6I3f439WitqtiVudOzB4kNvp58fNYIWhcQAqM5Y6PEkldPpTSRHi0IsB
Ate4EG6/DXYoE8Vdc42LPtZlKjllhPEJ4tPoZt++kLUN4EI9O69+sp1Lz70G+UXf
6//65iGthmR7tWkD+eXIt1tCwm5w5ucvIaKkD5V8Mq4SejuUQ8cWmgH/qTfYMfKY
G/CZQlzQieCL9oj5XeJ1l27heMAdHwg4eXQIhjDMUZgCgK81NsAZG43Fy38Q7/sZ
btE90sFPWDFn+dDqUSzFN8ONcHe1sDE2Y92rTVrc/h1z261O1VMY+8m9eI7+B90C
Zrb0wbkrYncv9/PZ+DSIShhalAnvvzv7DGOuUP956BppXs4vNJM79xuiVSteT1I8
JdB+Ht76TfCL+r56b/liizGoVB9uhjDQG/eUPK+B2rztrcwVc8RfmpbcRC5hQ3dI
qQN/XlRVhmK8RBArTSdwSbuyd8G85DVhW4NsKR7/5TI6IxOZI0Zo0YEyh0GbyRwq
juHergQLbsWF+sY2s8l7a9W+stHifMgAg1C94Zk02vLZ4qVb3H1zwWpUNYWY8T7m
3Gz0A7qFkuknvFDvpBuGuP2j8Rp4tOtPJLf7i55FIwtY5hsgVR47332WAhrSQ1HX
j4MJjoUCOaU=
=2uni
-----END PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.