lighttpd File Descriptor Array Denial of Service Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

lighttpd File Descriptor Array Denial of Service Vulnerability - Security - World -

CWRedLight

(Date : 24.04.2008 18:56:30)

lighttpd File Descriptor Array Denial of Service Vulnerability

Secunia Advisory:	SA29066
Release Date:	2008-02-22
Last Update:	2008-03-11

Critical:	Moderately critical
Impact:	DoS
Where:	From remote
Solution Status:	Vendor Patch

Software:	lighttpd 1.x

CVE reference:	CVE-2008-0983 (Secunia mirror)

Description:
A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a calculation error when allocating the global file descriptor array and can be exploited to crash an affected server.

The vulnerability is reported in version 1.4.18. Other versions may also be affected.

Solution:
Update to version 1.4.19.

Provided and/or discovered by:
fdeletang

Changelog:
2008-02-28: Added CVE reference.
2008-03-11: Updated "Solution" section, added new link to the "Original Advisory" section.

Original Advisory:
http://www.lighttpd.net/security/lighttpd_sa_2008_01.txt
http://trac.lighttpd.net/trac/ticket/1562

Derecelendir

Kaynak

http://secunia.com/advisories/29066/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS