[pkg-lighttpd] Bug#441555: lighttpd: header overflow when using the mod_fastcgi extension
Stefan Andersson
stefan at stardoll.com
Mon Sep 10 11:41:10 UTC 2007
Package: lighttpd
Version: 1.4.13-4etch1
Severity: critical
Tags: security
Justification: arbitrary code execution
Bug info:
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
Patch:
http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages lighttpd depends on:
ii libattr1 2.4.32-1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
ii php5-cgi 5.2.3-0.dotdeb.0 server-side, HTML-embedded scripti
-- no debconf information
More information about the pkg-lighttpd-maintainers
mailing list