List:       oss-security
Subject:    Re: [oss-security] CVE request: sthttpd remote heap buffer overflow
From:       Thomas Deutschmann <whissi () gentoo ! org>
Date:       2017-06-29 9:43:13
Message-ID: 07546f89-f5f8-7ff0-a370-138cc43393ca () gentoo ! org


Hi,

I requested a CVE from MITRE and got CVE-2017-10671 for this
vulnerability:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> > [Vulnerability Type]
> > Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1
> > allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
> > ------------------------------------------
> > 
> > [Vulnerability Type]
> > Buffer Overflow
> > 
> > ------------------------------------------
> > 
> > [Affected Product Code Base]
> > sthttpd - <2.27.1
> > 
> > ------------------------------------------
> > 
> > [Affected Component]
> > de_dotdot function
> > 
> > ------------------------------------------
> > 
> > [Attack Type]
> > Remote
> > 
> > ------------------------------------------
> > 
> > [CVE Impact Other]
> > I have no information about the impact. Would be nice if you could check on your own.
> > 
> > ------------------------------------------
> > 
> > [Attack Vectors]
> > A remote attacker could trigger the flaw in sthttpd's request parsing code via a specially crafted request.
> > ------------------------------------------
> > 
> > [Reference]
> > http://www.openwall.com/lists/oss-security/2017/06/15/9
> > https://github.com/blueness/sthttpd/releases/tag/v2.27.1
> > https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660
> > 
> > ------------------------------------------
> > 
> > [Has vendor confirmed or acknowledged the vulnerability?]
> > true
> > 
> > ------------------------------------------
> > 
> > [Discoverer]
> > Alexandre Rebert from ForAllSecure
> 
> Use CVE-2017-10671.
> 
> 
> - -- 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
> http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> -----END PGP SIGNATURE-----


-- 
Regards,
Thomas Deutschmann / Gentoo Security Team
C4DD 695F A713 8F24 2AA1  5638 5849 7EE5 1D5D 74A5

