FLEA-2007-0034-1:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0034-1
Published: 2007-07-26

Rating: Major

Updated Versions:
lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-2

References:
https://issues.rpath.com/browse/RPL-1550
https://issues.rpath.com/browse/RPL-1554

Description:
Previous versions of the lighttpd package are vulnerable to multiple
attacks, among which remote attackers may circumvent access-control
settings or crash the server by issuing various malformed or malicious
requests. It has not been determined that these vulnerabilities can
be exploited to execute malicious code.

lighttpd is configured to be the default web server for the Foresight
System Manager. If a malicious user were to cause a Denial of Service via
the above attack vectors, the system would no longer be configurable or
updateable via the System Manager.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
-----END PGP SIGNATURE-----


