
List:       oss-security
Subject:    [oss-security] Re: CVE request: lighttpd
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-02-26 18:04:06
Message-ID: Pine.GSO.4.51.0802261303360.2856 () faron ! mitre ! org


======================================================
Name: CVE-2008-0983
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
Reference: CONFIRM:http://trac.lighttpd.net/trac/ticket/1562
Reference: BID:27943
Reference: URL:http://www.securityfocus.com/bid/27943
Reference: FRSIRT:ADV-2008-0659
Reference: URL:http://www.frsirt.com/english/advisories/2008/0659/references
Reference: SECUNIA:29066
Reference: URL:http://secunia.com/advisories/29066

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
properly calculate the size of a file descriptor array, which allows
remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.

