First published: Wed Nov 30 2011
A signedness error, leading to an out-of-bounds read from a stack-based buffer, was found in the way lighttpd, a lightweight, high-performance web server, processed certain invalid base64-encoded HTTP authentication tokens. A remote attacker could send a specially crafted HTTP authentication request, causing a denial of service (the lighttpd daemon crashes while decoding the token).

Upstream bug report:
[1] http://redmine.lighttpd.net/issues/2370

Upstream patch (with test case and NEWS update):
[2] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2806/diff

References:
[3] http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt (upstream advisory)
[4] http://www.openwall.com/lists/oss-security/2011/11/29/8 (CVE request)
[5] http://www.openwall.com/lists/oss-security/2011/11/29/13 (CVE assignment)
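The bug class described above, as an added illustration (this is not lighttpd's code and does not reproduce its decoder): a base64 reverse-lookup table indexed directly with a plain `char`. On targets where `char` is signed, any input byte at or above 0x80 becomes a negative index and the read lands before the table. The hardened decoder below converts each byte to `unsigned char` before indexing and rejects invalid tokens instead of crashing. The function names, the table layout and the crafted token bytes are assumptions constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reverse base64 table: -1 marks bytes outside the base64 alphabet. */
static short b64_rev[256];
static int b64_rev_ready = 0;

static void b64_init(void)
{
    const char *alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    for (int i = 0; i < 256; i++) b64_rev[i] = -1;
    for (int i = 0; i < 64; i++) b64_rev[(unsigned char)alphabet[i]] = (short)i;
    b64_rev_ready = 1;
}

/* Index the vulnerable pattern computes: a plain char promoted to int.
 * Where char is signed (e.g. x86-64 Linux), a byte >= 0x80 yields a
 * negative value, so b64_rev[c] would read before the table. */
static int vulnerable_index(char c) { return (int)c; }

/* Index the fixed pattern computes: always in 0..255. */
static int safe_index(char c) { return (int)(unsigned char)c; }

/* Hardened decoder. Every byte is cast to unsigned char before it is used
 * as an index, so high bytes hit the -1 entry rather than a negative slot.
 * Returns the decoded length, or -1 on bad length, bad padding, or any
 * byte outside the alphabet (including a '=' in the middle of the data). */
static long b64_decode(const char *in, size_t inlen,
                       unsigned char *out, size_t outcap)
{
    if (!b64_rev_ready) b64_init();
    if (inlen == 0 || inlen % 4 != 0) return -1;

    size_t pad = 0;
    while (pad < 2 && pad < inlen && in[inlen - 1 - pad] == '=') pad++;
    size_t outlen = inlen / 4 * 3 - pad;
    if (outlen > outcap) return -1;

    size_t o = 0;
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = 0; i < inlen - pad; i++) {
        short v = b64_rev[(unsigned char)in[i]];   /* the fix: unsigned index */
        if (v < 0) return -1;
        acc = ((acc << 6) | (uint32_t)v) & 0xFFFFFFu;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[o++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (o == outlen) ? (long)o : -1;
}

/* 1 if `in` (a NUL-terminated token) decodes exactly to `expected`. */
static int decodes_to(const char *in, const char *expected)
{
    unsigned char buf[256];
    long n = b64_decode(in, strlen(in), buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) &&
           memcmp(buf, expected, (size_t)n) == 0;
}

/* 1 if the decoder rejects the token (may contain non-text bytes). */
static int rejects(const char *in, size_t inlen)
{
    unsigned char buf[256];
    return b64_decode(in, inlen, buf, sizeof buf) < 0;
}

int main(void)
{
    /* "Aladdin:open sesame", the Basic auth example from RFC 2617. */
    const char good[] = "QWxhZGRpbjpvcGVuIHNlc2FtZQ==";
    /* Constructed token: four bytes >= 0x80, not valid base64. */
    const char crafted[] = "\xff\xff\xff\xff";

    printf("index for byte 0xFF: vulnerable=%d safe=%d\n",
           vulnerable_index((char)0xFF), safe_index((char)0xFF));
    printf("good token decodes: %d\n", decodes_to(good, "Aladdin:open sesame"));
    printf("crafted token rejected: %d\n", rejects(crafted, 4));
    return 0;
}
```

The only difference between the two index helpers is the `(unsigned char)` cast; that single cast is the shape of fix this class of bug needs, and the same cast applies to any `char`-indexed table (hex, URL-decoding, charset maps), not only base64.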
Affected Software | Affected Version | How to fix |
---|---|---|
lighttpd | see upstream advisory [3] | Upgrade to a lighttpd release that includes upstream revision 2806 [2] |
The impact of REDHAT-BUG-758624 is denial of service: a specially crafted HTTP authentication request crashes the lighttpd daemon. The flaw is an out-of-bounds read, and nothing in the report indicates remote code execution.
To fix REDHAT-BUG-758624, upgrade to a lighttpd release that includes upstream revision 2806, or apply that patch; the upstream advisory lighttpd_sa_2011_01 describes the fix.
The systems affected by REDHAT-BUG-758624 are those running a lighttpd web server that processes HTTP authentication requests, since the flaw is triggered while decoding the base64 token supplied by the client.
REDHAT-BUG-758624 is classified as an out-of-bounds read caused by a signedness error while decoding base64 HTTP authentication tokens.
Yes, REDHAT-BUG-758624 can be exploited remotely, without valid credentials, by an attacker sending a specially crafted HTTP authentication request.