What about Etch?
Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
#434888: Multiple vulnerabilities [CVE-2007-3946] [CVE-2007-3947]
[CVE-2007-3948] [CVE-2007-3949] [CVE-2007-3950],
which was filed against the lighttpd package.
It has been closed by Pierre Habouzit <[EMAIL PROTECTED]>.
Their explanation is attached below. If this explanation is
unsatisfactory and you have not received a better one in a separate
message then please contact Pierre Habouzit <[EMAIL PROTECTED]> by replying
to this email.
Debian bug tracking system administrator
(administrator, Debian Bugs database)
------------------------------------------------------------------------
Subject:
Re: [pkg-lighttpd] Bug#434888: Multiple vulnerabilities [CVE-2007-3946]
[CVE-2007-3947] [CVE-2007-3948] [CVE-2007-3949] [CVE-2007-3950]
From:
Pierre Habouzit <[EMAIL PROTECTED]>
Date:
Fri, 27 Jul 2007 17:39:40 +0200
To:
[EMAIL PROTECTED]
To:
[EMAIL PROTECTED]
Version: 1.4.16-1
On Fri, Jul 27, 2007 at 09:11:48AM -0500, Adam Majer wrote:
Package: lighttpd
Severity: critical
Tags: security
Upstream patches from Trac seem to be available from upstream.
From http://secunia.com/advisories/26130/
DESCRIPTION:
Some vulnerabilities have been reported in lighttpd, which can be
exploited by malicious people to bypass certain security restrictions
or cause a DoS (Denial of Service).
1) An error in the processing of HTTP headers can be exploited to
cause a DoS by sending duplicate HTTP headers with a trailing
whitespace character.
2) An error in mod_auth can be exploited to cause a DoS by sending
requests with the algorithm set to "MD5-sess" and without a cnonce.
3) An error when parsing Auth-Digest headers in mod_auth can
potentially be exploited to cause a DoS by sending multiple
whitespace characters.
4) An error exists in the mechanism that limits the number of active
connections. This can be exploited to cause a DoS.
5) An error exists in the processing of HTTP requests. This can be
exploited to access restricted files by adding a "/" to a URL.
6) An error exists in mod_scgi. This can be exploited to cause a DoS
by sending a SCGI request and closing the connection while lighttpd
processes the request.
The vulnerabilities are reported in lighttpd-1.4.15. Previous
versions may also be affected.
SOLUTION:
Fixed in the developer branch.
1) http://trac.lighttpd.net/trac/changeset/1869?format=diff&new=1869
2), 3) http://trac.lighttpd.net/trac/changeset/1875?format=diff&new=1875
4) http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
5) http://trac.lighttpd.net/trac/changeset/1871?format=diff&new=1871
6) http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
ORIGINAL ADVISORY:
1) http://trac.lighttpd.net/trac/ticket/1232
2, 3) http://trac.lighttpd.net/trac/changeset/1875
4) http://trac.lighttpd.net/trac/ticket/1216
5) http://trac.lighttpd.net/trac/ticket/1230
6) http://trac.lighttpd.net/trac/ticket/1263
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (900, 'unstable'), (5, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-rc1 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
_______________________________________________
pkg-lighttpd-maintainers mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/pkg-lighttpd-maintainers
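Items 2 and 3 of the quoted advisory both concern mod_auth's handling of Digest Authorization headers: a request with algorithm=MD5-sess and no cnonce, and a header containing runs of whitespace. The parser below is an added example written for this page; it is not lighttpd's mod_auth code and not the upstream fix. It shows what a server-side check that does not trip over either input looks like: tolerate arbitrary whitespace around parameters, then enforce the RFC 2617 rule that MD5-sess (and any qop) requires a cnonce before any hashing is attempted. The sample header strings are constructed here for illustration, and the field length limit and error messages are this example's own choices.

```python
"""Defensive parser for RFC 2617 Digest Authorization headers.

Added example for the lighttpd advisory discussion; not mod_auth code.
Rejects algorithm=MD5-sess without cnonce (item 2) and survives runs of
whitespace between parameters (item 3). Sample headers are constructed.
"""
import re

# One  key="quoted value"  or  key=token  parameter, with any amount of
# whitespace before the key, around "=", and before the separating comma.
_PARAM_RE = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))\s*(?:,|$)'
)
REQUIRED = ("username", "realm", "nonce", "uri", "response")
MAX_HEADER_LEN = 4096  # assumption: cap before parsing, plain DoS hygiene


class DigestError(ValueError):
    """Raised for any header the server should answer with 400/401."""


def parse_digest(header: str) -> dict:
    """Return the parameter dict, or raise DigestError.

    Never hashes anything: validation happens before the server would
    touch the nonce, cnonce or response values.
    """
    if len(header) > MAX_HEADER_LEN:
        raise DigestError("header too long")
    parts = header.strip().split(None, 1)  # split on any whitespace run
    if len(parts) != 2 or parts[0].lower() != "digest":
        raise DigestError("not a Digest header")
    rest = parts[1].strip()
    params = {}
    pos = 0
    while pos < len(rest):
        m = _PARAM_RE.match(rest, pos)
        if not m:
            raise DigestError(f"malformed parameter at offset {pos}")
        key = m.group(1).lower()
        if m.group(2) is not None:
            value = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape \" and \\
        else:
            value = m.group(3)
        if key in params:
            raise DigestError(f"duplicate parameter {key}")
        params[key] = value
        pos = m.end()
    for k in REQUIRED:
        if k not in params:
            raise DigestError(f"missing {k}")
    algorithm = params.get("algorithm", "MD5").upper()
    if algorithm not in ("MD5", "MD5-SESS"):
        raise DigestError("unsupported algorithm")
    qop = params.get("qop")
    # RFC 2617 3.2.2: cnonce is mandatory for MD5-sess and whenever qop is
    # sent; nc is mandatory whenever qop is sent. Check before computing A1.
    if (algorithm == "MD5-SESS" or qop is not None) and "cnonce" not in params:
        raise DigestError("cnonce required for MD5-sess/qop")
    if qop is not None and "nc" not in params:
        raise DigestError("nc required when qop is present")
    return params


def check(header: str):
    """None if the header is acceptable, otherwise the rejection reason."""
    try:
        parse_digest(header)
        return None
    except DigestError as e:
        return str(e)


# Constructed sample headers (values are placeholders, not real credentials).
GOOD = ('Digest username="mufasa", realm="testrealm@host.com", '
        'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
        'response="6629fae49393a05397450978507c4ef1"')
NO_CNONCE = GOOD + ", algorithm=MD5-sess"                       # item 2
WITH_CNONCE = NO_CNONCE + ', cnonce="0a4f113b"'
WHITESPACE = ('Digest    username = "u" ,   realm="r",\t nonce="n"  ,'
              'uri="/",response="abc"')                         # item 3

if __name__ == "__main__":
    for name, h in (("GOOD", GOOD), ("NO_CNONCE", NO_CNONCE),
                    ("WITH_CNONCE", WITH_CNONCE), ("WHITESPACE", WHITESPACE)):
        print(f"{name:12s} -> {check(h) or 'ok'}")
```

The point of ordering the checks this way is that the expensive or crash-prone step (building A1 from nonce and cnonce for MD5-sess) is never reached for a header that is missing its inputs, and the whitespace tolerance is confined to one regular expression rather than scattered through manual pointer arithmetic.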