[pkg-lighttpd] Bug#441787: lighttpd: Remote code execution in FCGI apps (including PHP)
Olaf van der Spek
OlafvdSpek at GMail.Com
Tue Sep 11 08:38:16 UTC 2007
Package: lighttpd
Version: 1.4.15-1
Severity: normal
Hi,
See http://www.lighttpd.net/2007/9/9/1-4-18-speeding-up-a-bit and http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt and http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
FastCGI header overrun in mod_fastcgi
=======================================
Description
-------------
Lighttpd is prone to a header overflow when using the mod_fastcgi extension;
this can lead to arbitrary code execution in the fastcgi application.
For a detailed description of the bug see the external reference.
This bug was found by Mattias Bengtsson <mattias at secweb.se> and
Philip Olausson <po at secweb.se>.
External reference:
http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
Affected versions
-------------------
all previous versions.
Solutions or Workaround
-------------------------
upgrade to 1.4.18 or apply
lighttpd-1.4.x_mod_fastcgi_overrun.patch
This bug is tracked as CVE-2007-4727.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (1, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages lighttpd depends on:
ii libattr1 2.4.32-1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-7 Larry Wall's Practical Extraction
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
ii php5-cgi 5.2.0-8+etch7 server-side, HTML-embedded scripti
-- no debconf information
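The advisory above only names the problem (request headers overrunning the buffer in which mod_fastcgi builds the FastCGI request) and points to an external write-up. As an added example, not lighttpd's own mod_fastcgi code, here is a bounds-checked encoder for the FCGI_PARAMS record that carries those headers to the FastCGI application, using the FastCGI 1.0 length encoding; it refuses a pair rather than overrunning the caller's buffer or the 16-bit contentLength field. All function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FCGI_PARAMS      4
#define FCGI_MAX_CONTENT 65535u  /* contentLength is a 16-bit field */

/* Encode one FastCGI name/value length: < 128 is one byte, otherwise four
 * bytes big-endian with the high bit set (31-bit). Returns bytes written. */
static size_t fcgi_put_len(uint8_t *out, uint32_t len) {
    if (len < 128) { out[0] = (uint8_t)len; return 1; }
    out[0] = (uint8_t)(0x80 | (len >> 24));
    out[1] = (uint8_t)(len >> 16);
    out[2] = (uint8_t)(len >> 8);
    out[3] = (uint8_t)len;
    return 4;
}

/* Append one name/value pair (e.g. an HTTP header mapped to HTTP_*) to a
 * FCGI_PARAMS body that already holds `used` bytes of a `cap`-byte buffer.
 * Returns the new body length, or 0 without writing anything when the pair
 * would overrun the buffer or push the body past the 16-bit record limit. */
size_t fcgi_params_add(uint8_t *body, size_t cap, size_t used,
                       const char *name, const char *value) {
    size_t nlen = strlen(name), vlen = strlen(value);
    if (nlen > 0x7fffffffu || vlen > 0x7fffffffu) return 0; /* 31-bit lengths */
    if (used > cap || used > FCGI_MAX_CONTENT) return 0;
    size_t need = (nlen < 128 ? 1 : 4) + (vlen < 128 ? 1 : 4) + nlen + vlen;
    if (need > cap - used || need > FCGI_MAX_CONTENT - used) return 0;
    uint8_t *p = body + used;
    p += fcgi_put_len(p, (uint32_t)nlen);
    p += fcgi_put_len(p, (uint32_t)vlen);
    memcpy(p, name, nlen);  p += nlen;
    memcpy(p, value, vlen);
    return used + need;
}

/* Fill the 8-byte FCGI record header for a FCGI_PARAMS body of body_len
 * bytes; returns 0 if body_len cannot be represented in contentLength. */
int fcgi_params_header(uint8_t hdr[8], uint16_t request_id, size_t body_len) {
    if (body_len > FCGI_MAX_CONTENT) return 0;
    hdr[0] = 1;                                 /* FCGI_VERSION_1 */
    hdr[1] = FCGI_PARAMS;
    hdr[2] = (uint8_t)(request_id >> 8);  hdr[3] = (uint8_t)request_id;
    hdr[4] = (uint8_t)(body_len >> 8);    hdr[5] = (uint8_t)body_len;
    hdr[6] = (uint8_t)((8 - body_len % 8) % 8); /* pad body to 8-byte multiple */
    hdr[7] = 0;                                 /* reserved */
    return 1;
}
```

A body that grows past 65535 bytes has to be split across several FCGI_PARAMS records; this encoder simply reports the failure so the caller can do that instead of writing past the end.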