[Secure-testing-team] Bug#601585: weborf: DoS on malformed requests
Salvo Tomaselli
tiposchi at tiscali.it
Wed Oct 27 14:05:37 UTC 2010
Package: weborf
Version: 0.12.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
Example of exploit here:
https://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.4
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35.7-calipso (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages weborf depends on:
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
weborf recommends no packages.
Versions of packages weborf suggests:
ii php5-cgi 5.3.3-2 server-side, HTML-embedded scripti
-- no debconf information
More information about the Secure-testing-team
mailing list