Linux Security
    Linux Security
    Linux Security

    Debian: New thttpd packages fix insecure temporary file creation

    Date
    3711
    Posted By
    Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1205-2                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                                 Steve Kemp
    December 1sd, 2006                      https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : thttpd
    Vulnerability  : insecure temporary files
    Problem-Type   : local
    Debian-specific: yes
    CVE ID         : CVE-2006-4248
    Debian Bug     : 396277
    
    
    Marco d'Itri discovered that thttpd, a small, fast and secure webserver,
    makes use of insecure temporary files when its logfiles are rotated,
    which might lead to a denial of service through a symlink attack.
    
    The original advisory for this issue didn't contain fixed packages for all
    supported architectures which are corrected in this update.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.23beta1-3sarge2
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.23beta1-5
    
    We recommend that you upgrade your thttpd package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.dsc
          Size/MD5 checksum:      614 0f9a3730f341fa0151596a3b9f20764d
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.diff.gz
          Size/MD5 checksum:    14313 8545dd3d0f7a2083ecca36e53e72bd6b
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1.orig.tar.gz
          Size/MD5 checksum:   128712 d3d91f6596f53d5e2b27cea8607d5bba
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_alpha.deb
          Size/MD5 checksum:    59270 d4076615e782deb79cabae37733de534
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_alpha.deb
          Size/MD5 checksum:    28056 ee6e6ccccb7619755da6478e349d03fd
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_amd64.deb
          Size/MD5 checksum:    56090 59ab35cd4a12c7a010229e793d3d031b
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_amd64.deb
          Size/MD5 checksum:    26518 76286320653018389937886b1e6b2cfa
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_arm.deb
          Size/MD5 checksum:    53230 cf8a02a2f0f3bd64522f79111f079642
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_arm.deb
          Size/MD5 checksum:    24694 88d75dcab4fa8bca63f48afb04ded258
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_hppa.deb
          Size/MD5 checksum:    57420 0104f76c6a50be56598ecb7ebb6317a4
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_hppa.deb
          Size/MD5 checksum:    26984 46a6908e5e1a0c02bb6b065ed6fab80d
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_i386.deb
          Size/MD5 checksum:    51180 991b1072ebd903b6a9ee316b1bfdc8c6
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_i386.deb
          Size/MD5 checksum:    24776 fd3dddb60d160a6245da4c7efd5dcfe4
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_ia64.deb
          Size/MD5 checksum:    71992 3ae1510acb0dad29743795678058e467
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_ia64.deb
          Size/MD5 checksum:    30360 d1b09a54ddb43b6cf5b080e59dbb9792
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_m68k.deb
          Size/MD5 checksum:    50170 58f820e0cc1ff0921d641fc4f340d4ae
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_m68k.deb
          Size/MD5 checksum:    24834 fd383afb658a319f594056f14107c6f7
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_mips.deb
          Size/MD5 checksum:    57060 d42bd66e806d204f9b01559148cbbbea
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_mips.deb
          Size/MD5 checksum:    31062 b2fedfffe04d03b9d4d7d2316669735e
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_mipsel.deb
          Size/MD5 checksum:    57168 4407a2da69e31159642973201900f64e
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_mipsel.deb
          Size/MD5 checksum:    31188 3a9282003d6785a05ef91a17c646eb1b
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_powerpc.deb
          Size/MD5 checksum:    53466 24b0524b9944d1bb9e2d8451035be5a0
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_powerpc.deb
          Size/MD5 checksum:    25232 8686e26fba64af5040a2484e1c626f06
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_s390.deb
          Size/MD5 checksum:    56264 6b018396fae8f11be8d6dc2ddae99762
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_s390.deb
          Size/MD5 checksum:    26344 f7c45e7292b79e9e047982519ed7717b
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_sparc.deb
          Size/MD5 checksum:    53338 3d5315a2b44da8acd151bc714ca45efc
        https://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_sparc.deb
          Size/MD5 checksum:    24796 a64846770af6a96a1ae30d0b02fda299
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.