Short Name | HTTP:LHTTPD:FCGI-HEADER-OF
Severity | Major
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Light HTTPD FastCGI Header Overflow
Release Date | 2007/11/01
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Light HTTPD FastCGI Header Overflow
This signature detects attempts to exploit a known vulnerability in lighttpd running the FastCGI module. Versions 1.4.7 and prior are vulnerable. A successful attacker can overflow a header buffer and execute arbitrary code.
Extended Description
Lighttpd is prone to a remote header-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it.
An attacker may exploit this issue to overwrite PHP headers such as 'SCRIPT_FILENAME'. This may allow the attacker to execute script code, obtain sensitive information, and launch other attacks. Exploiting this issue may also aid in the remote compromise of an affected computer.
Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Foresight_linux foresight_linux 1.1
- Gentoo linux
- Lighttpd lighttpd 1.3.10
- Lighttpd lighttpd 1.3.7
- Lighttpd lighttpd 1.3.8
- Lighttpd lighttpd 1.4.0
- Lighttpd lighttpd 1.4.1
- Lighttpd lighttpd 1.4.10
- Lighttpd lighttpd 1.4.10A
- Lighttpd lighttpd 1.4.11
- Lighttpd lighttpd 1.4.12
- Lighttpd lighttpd 1.4.13
- Lighttpd lighttpd 1.4.14
- Lighttpd lighttpd 1.4.15
- Lighttpd lighttpd 1.4.16
- Lighttpd lighttpd 1.4.17
- Lighttpd lighttpd 1.4.2
- Lighttpd lighttpd 1.4.3
- Lighttpd lighttpd 1.4.4
- Lighttpd lighttpd 1.4.5
- Lighttpd lighttpd 1.4.6
- Lighttpd lighttpd 1.4.7
- Lighttpd lighttpd 1.4.8
- Lighttpd lighttpd 1.4.9
- Red_hat fedora Core7
- Rpath rpath_linux 1
- Suse linux 10.0 Ppc
- Suse linux 10.0 X86
- Suse linux 10.0 X86-64
- Suse linux 10.1 Ppc
- Suse linux 10.1 X86
- Suse linux 10.1 X86-64
- Suse linux_desktop 10
- Suse linux_personal 10.0.0 OSS
- Suse linux_personal 10.1
- Suse linux_personal 10.2
- Suse linux_personal 10.2 X86 64
- Suse linux_professional 10.0.0
- Suse linux_professional 10.0.0 OSS
- Suse linux_professional 10.1
- Suse linux_professional 10.2
- Suse linux_professional 10.2 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse novell_linux_pos 9
- Suse open-enterprise-server
- Suse opensuse 10.2
- Suse opensuse 10.3
- Suse suse_linux_enterprise_desktop 10
- Suse suse_linux_enterprise_desktop 10 SP1
- Suse suse_linux_enterprise_sdk 10
- Suse suse_linux_enterprise_sdk 10.SP1
- Suse suse_linux_enterprise_server 10
- Suse suse_linux_enterprise_server 10 SP1
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_openexchange_server 4.0.0
- Suse suse_linux_retail_solution 8.0.0
- Suse suse_linux_school_server_for_i386
- Suse suse_linux_standard_server 8.0.0
- Suse unitedlinux 1.0.0
References