[pkg-lighttpd] Bug#434888: Multiple vulnerabilities [CVE-2007-3946] [CVE-2007-3947] [CVE-2007-3948] [CVE-2007-3949] [CVE-2007-3950]
    Adam Majer 
    adamm at zombino.com
       
    Fri Jul 27 14:11:48 UTC 2007
    
    
  
Package: lighttpd
Severity: critical
Tags: security
Upstream patches from Trac seem to be available from upstream.
From http://secunia.com/advisories/26130/
DESCRIPTION:
Some vulnerabilities have been reported in lighttpd, which can be
exploited by malicious people to bypass certain security restrictions
or cause a DoS (Denial of Service).
1) An error in the processing of HTTP headers can be exploited to
cause a DoS by sending duplicate HTTP headers with a trailing
whitespace character.
2) An error in mod_auth can be exploited to cause a DoS by sending
requests with the algorithm set to "MD5-sess" and without a cnonce.
3) An error when parsing Auth-Digest headers in mod_auth can
potentially be exploited to cause a DoS by sending multiple
whitespace characters.
4) An error exists in the mechanism that limits the number of active
connections. This can be exploited to cause a DoS.
5) An error exists in the processing of HTTP requests. This can be
exploited to access restricted files by adding a "/" to a URL.
6) An error exists in mod_scgi. This can be exploited to cause a DoS
by sending a SCGI request and closing the connection while lighttpd
processes the request.
The vulnerabilities are reported in lighttpd-1.4.15. Previous
versions may also be affected.
SOLUTION:
Fixed in the developer branch.
1) http://trac.lighttpd.net/trac/changeset/1869?format=diff&new=1869
2), 3) http://trac.lighttpd.net/trac/changeset/1875?format=diff&new=1875
4) http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
5) http://trac.lighttpd.net/trac/changeset/1871?format=diff&new=1871
6) http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
ORIGINAL ADVISORY:
1) http://trac.lighttpd.net/trac/ticket/1232
2, 3) http://trac.lighttpd.net/trac/changeset/1875
4) http://trac.lighttpd.net/trac/ticket/1216
5) http://trac.lighttpd.net/trac/ticket/1230
6) http://trac.lighttpd.net/trac/ticket/1263
-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (5, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-rc1 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
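
Items 2) and 3) of the advisory quoted above both concern how a Digest Authorization header is parsed. The following Python parser is an added example, not lighttpd's code or the upstream patch; it tolerates runs of whitespace and rejects MD5-sess credentials that lack a cnonce before any hash is computed. The names parse_digest, ha1 and DigestError are hypothetical, and the sample headers are constructed.

```python
import hashlib
import re

# One key=value parameter (quoted-string or token), then "," or end; whitespace runs tolerated.
_PARAM = re.compile(
    r'\s*([A-Za-z][A-Za-z0-9_-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')
_REQUIRED = ("username", "realm", "nonce", "uri", "response")

class DigestError(ValueError):
    """Malformed or incomplete credentials: answer 400, never crash the worker."""

def parse_digest(header_value):
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "digest":
        raise DigestError("not a Digest credential")
    rest, params, pos = parts[1].strip(), {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise DigestError("unparsable parameter at offset %d" % pos)
        key = m.group(1).lower()
        if key in params:
            raise DigestError("duplicate parameter: " + key)
        params[key] = m.group(2) if m.group(2) is not None else m.group(3)
        pos = m.end()
    missing = [k for k in _REQUIRED if not params.get(k)]
    if missing:
        raise DigestError("missing: " + ", ".join(missing))
    params["algorithm"] = params.get("algorithm", "MD5").lower()
    if params["algorithm"] not in ("md5", "md5-sess"):
        raise DigestError("unsupported algorithm")
    # Item 2: the MD5-sess A1 is built from the cnonce, so reject before hashing.
    if params["algorithm"] == "md5-sess" and not params.get("cnonce"):
        raise DigestError("MD5-sess requires cnonce")
    return params

def ha1(params, password):
    """H(A1) per RFC 2617, using the hex form of the inner hash."""
    def md5(s):
        return hashlib.md5(s.encode("utf-8")).hexdigest()
    base = md5(":".join((params["username"], params["realm"], password)))
    if params["algorithm"] == "md5-sess":
        return md5(":".join((base, params["nonce"], params["cnonce"])))
    return base

# Constructed sample headers (not captured traffic).
SESS_OK = 'Digest username="u", realm="r", nonce="n", uri="/", algorithm=MD5-sess, cnonce="c", response="x"'
SESS_NO_CNONCE = 'Digest username="u", realm="r", nonce="n", uri="/", algorithm=MD5-sess, response="x"'
SPACED = 'Digest    username="u",     realm="r"  ,\t nonce="n",   uri="/",    response="x"   '
```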