CVE-2011-2900: Buffer Overflow
First published: Fri Aug 05 2011(Updated: )
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Valenok Mongoose | =3.0 | |
| Shttpd Shttpd | =1.42 | |
| Yassl Yasslews | =0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2011/08/03/9
- http://www.openwall.com/lists/oss-security/2011/08/03/5
- http://www.securityfocus.com/bid/48980
- http://secunia.com/advisories/45464
- https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0
- http://securityreason.com/securityalert/8337
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html
- http://secunia.com/advisories/45902
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68991
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/valenok
- canonical/valenok mongoose
- version/valenok mongoose/3.0
- vendor/shttpd
- canonical/shttpd shttpd
- version/shttpd shttpd/1.42
- vendor/yassl
- canonical/yassl yasslews
- version/yassl yasslews/0.2