[pkg-lighttpd] Bug#441787: lighttpd: Remote code execution in FCGI apps (including PHP)

Olaf van der Spek OlafvdSpek at GMail.Com
Tue Sep 11 08:38:16 UTC 2007 

Package: lighttpd
Version: 1.4.15-1
Severity: normal

Hi,

See http://www.lighttpd.net/2007/9/9/1-4-18-speeding-up-a-bit and http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt and http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/

 FastCGI header overrun in mod_fastcgi
=======================================

 Description
-------------

Lighttpd is prone to a header overflow when using the mod_fastcgi extension,
this can lead to arbitrary code execution in the fastcgi application.

For a detailed description of the bug see the external reference.

This bug was found by Mattias Bengtsson <mattias at secweb.se> and
Philip Olausson <po at secweb.se>.

External reference:
http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/

 Affected versions
-------------------

all previous versions.

 Solutions or Workaround
-------------------------

upgrade to 1.4.18 or apply
lighttpd-1.4.x_mod_fastcgi_overrun.patch

This bug is tracked as CVE-2007-4727.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages lighttpd depends on:
ii  libattr1               2.4.32-1          Extended attribute shared library
ii  libbz2-1.0             1.0.3-6           high-quality block-sorting file co
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libldap2               2.1.30-13.3       OpenLDAP libraries
ii  libpcre3               6.7-1             Perl 5 Compatible Regular Expressi
ii  libssl0.9.8            0.9.8c-4          SSL shared libraries
ii  lsb-base               3.1-23.2etch1     Linux Standard Base 3.1 init scrip
ii  mime-support           3.39-1            MIME files 'mime.types' & 'mailcap
ii  perl                   5.8.8-7           Larry Wall's Practical Extraction 
ii  zlib1g                 1:1.2.3-13        compression library - runtime

Versions of packages lighttpd recommends:
ii  php5-cgi                   5.2.0-8+etch7 server-side, HTML-embedded scripti

-- no debconf information

More information about the pkg-lighttpd-maintainers mailing list