Gentoo Linux Security Advisory GLSA 200804-08 - Julien Cayzac discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set, the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531). Versions less than 1.4.19-r2 are affected.
04d53fca65adca4c84d85a814f6f371863f45711fbaaacda55d307182040adff
Debian Security Advisory 1521-1 - Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.
2840b96eb72ba9b88300f61440b5bb9afc752ee4c42cf701dbde09e00d348215