Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-200709-16 High: Lighttpd Buffer Overflow Remote Code Execution

gentoo
Calendar Grey September 27, 2007
Dist Gentoo Esm H88
Gentoo urges its users to patch Lighttpd in light of a critical buffer overflow vulnerability that could enable remote code execution.
Lighttpd is vulnerable to the remote execution of arbitrary code.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200709-16
                                            https://security.gentoo.org/

  Severity: High
     Title: Lighttpd: Buffer overflow
      Date: September 27, 2007
      Bugs: #191912
        ID: 200709-16


Synopsis
=======
Lighttpd is vulnerable to the remote execution of arbitrary code.

Background
=========
Lighttpd is a lightweight HTTP web server.

Affected packages
================
    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd      < 1.4.18                      >= 1.4.18

==========
Mattias Bengtsson and Philip Olausson have discovered a buffer overflow
vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c
when processing overly long HTTP headers.

Impact
=====
A...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory high severity gentoo buffer overflow remote execution

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory high severity gentoo buffer overflow remote execution

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here