ESB-2003.0754 -- Debian Security Advisory DSA 396-1 -- New thttpd packages fix information leak, DoS and arbitrary code execution
Date: 03 November 2003
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

               ESB-2003.0754 -- Debian Security Advisory DSA 396-1
     New thttpd packages fix information leak, DoS and arbitrary code execution
                              03 November 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                thttpd
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
Impact:                 Execute Arbitrary Code/Commands
                        Read-only Data Access
Access Required:        Remote
CVE Names:              CAN-2002-1562 CAN-2003-0899

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 396-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 29th, 2003                      http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : thttpd
Vulnerability  : missing input sanitizing, wrong calculation
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-1562 CAN-2003-0899

Several vulnerabilities have been discovered in thttpd, a tiny HTTP
server.  The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

CAN-2002-1562: Information leak

  Marcus Breiing discovered that if thttpd is used for virtual hosting,
  and an attacker supplies a specially crafted ``Host:'' header with a
  pathname instead of a hostname, thttpd will reveal information about
  the host system.  Hence, an attacker can browse the entire disk.

CAN-2003-0899: Arbitrary code execution

  Joel Soderberg and Christer Oberg discovered a remote overflow which
  allows an attacker to partially overwrite the EBP register and hence
  execute arbitrary code.
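The CAN-2002-1562 entry above comes down to one point: a virtual-hosting server that splices the client-supplied ``Host:'' header into a filesystem path has handed the client control over that path. The following C program is an added example, not thttpd's code and not part of the Debian advisory. It places a naive per-vhost document-root lookup beside one that first accepts only a syntactically valid hostname (optionally with a ":port" suffix) and then normalises it. The base directory /var/www/vhosts, the function names and the sample ``Host:'' values are assumptions made for illustration.

```c
/* Added example, not thttpd's or Debian's code: building a per-vhost
 * document root from the HTTP Host: header, with and without validation.
 * VHOST_BASE and the function names are assumptions for illustration. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VHOST_BASE "/var/www/vhosts"   /* assumed layout: VHOST_BASE/<hostname>/ */

/* Naive lookup: the Host: value goes straight into the path, so a
 * "pathname instead of a hostname" (../../.., /etc, ...) selects an
 * arbitrary directory on the server. This is the vulnerable pattern. */
int vhost_root_naive(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", VHOST_BASE, host);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Accept only a DNS-style hostname, optionally followed by ":<digits>":
 * labels of [A-Za-z0-9-] separated by single dots, no empty labels
 * (which rules out a leading dot, a trailing dot and ".."), and no
 * other characters, so '/' and '\\' can never reach the path. */
int valid_hostname(const char *host)
{
    size_t len = strlen(host);
    const char *end;
    int label_len = 0;

    if (len == 0 || len > 253)
        return 0;

    end = strchr(host, ':');
    if (end == NULL) {
        end = host + len;
    } else {
        const char *p = end + 1;
        if (*p == '\0')
            return 0;                 /* "host:" with no port */
        for (; *p; p++)
            if (!isdigit((unsigned char)*p))
                return 0;
    }
    if (end == host)
        return 0;                     /* ":80" with no name */

    for (const char *p = host; p < end; p++) {
        if (*p == '.') {
            if (label_len == 0)
                return 0;             /* empty label */
            label_len = 0;
        } else if (isalnum((unsigned char)*p) || *p == '-') {
            if (++label_len > 63)
                return 0;
        } else {
            return 0;                 /* anything else, including '/' */
        }
    }
    return label_len > 0;             /* rejects a trailing dot */
}

/* Hardened lookup: validate first, then normalise (lower-case, drop the
 * port) so that one host maps to exactly one directory under VHOST_BASE. */
int vhost_root_safe(const char *host, char *out, size_t outlen)
{
    char name[254];
    size_t i;

    if (!valid_hostname(host))
        return -1;
    for (i = 0; host[i] != '\0' && host[i] != ':' && i < sizeof name - 1; i++)
        name[i] = (char)tolower((unsigned char)host[i]);
    name[i] = '\0';

    int n = snprintf(out, outlen, "%s/%s", VHOST_BASE, name);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed Host: values: one legitimate, one of the kind described
     * in CAN-2002-1562 (a pathname where a hostname is expected). */
    const char *hosts[] = { "www.example.org:80", "../../../etc" };
    char path[256];

    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        vhost_root_naive(hosts[i], path, sizeof path);
        printf("naive : Host=%-22s -> %s\n", hosts[i], path);
        if (vhost_root_safe(hosts[i], path, sizeof path) == 0)
            printf("safe  : Host=%-22s -> %s\n", hosts[i], path);
        else
            printf("safe  : Host=%-22s -> rejected\n", hosts[i]);
    }
    return 0;
}
```

The validator is deliberately an allow-list: rather than stripping "..", "/" or "\" from the header, it rejects anything that is not a hostname, so a request with a pathname in ``Host:'' gets an error response (or the server's default vhost, if that is the configured fallback) instead of a directory listing. Lower-casing and dropping the port also matter in practice, because a case-sensitive filesystem would otherwise let "WWW.Example.org" and "www.example.org" resolve to different directories.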
For the stable distribution (woody) these problems have been fixed in
version 2.21b-11.2.

For the unstable distribution (sid) this problem has been fixed in
version 2.23beta1-2.3.

We recommend that you upgrade your thttpd package immediately.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.dsc
      Size/MD5 checksum:      545 8a1acb90e6094f3fa72c6845c3053041
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.diff.gz
      Size/MD5 checksum:    12319 2ac5366cf965d9fc492265d095c108a8
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b.orig.tar.gz
      Size/MD5 checksum:   127157 9c1512664cf70c286331243ab622173e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_alpha.deb
      Size/MD5 checksum:    67512 4b98098b019e2b8d0b1ce1e9aeb617ec
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_alpha.deb
      Size/MD5 checksum:    27794 9edd14ad49dad106626771543c106937

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_arm.deb
      Size/MD5 checksum:    54182 c191681665f0af7df0ee90136b3365ff
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_arm.deb
      Size/MD5 checksum:    23212 2103ca75c4ea13b97e5744d89949fe37

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_i386.deb
      Size/MD5 checksum:    51914 d699b326d3ebc75476cafe31e91e45ec
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_i386.deb
      Size/MD5 checksum:    23570 157936de6bd22736b0aa63e2224d65ba

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_ia64.deb
      Size/MD5 checksum:    77950 cc5e735539ad1c550b9af17c2388bc83
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_ia64.deb
      Size/MD5 checksum:    29562 954eaaa5f8c824cba7725921f65a3331

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_hppa.deb
      Size/MD5 checksum:    59116 7f77611819d41bf76d5f835d970f3ed8
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_hppa.deb
      Size/MD5 checksum:    25448 cd644f20dcc58dfca543600a74dc95c8

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_m68k.deb
      Size/MD5 checksum:    49552 72cca53687444bef03134030c6662511
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_m68k.deb
      Size/MD5 checksum:    23220 5677cb4faf6d7b586ba1268c2e35e65c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mips.deb
      Size/MD5 checksum:    58236 446d260842da0922cba728e2df11b56b
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mips.deb
      Size/MD5 checksum:    24516 da2230823d6337e7665254f9700c02b8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mipsel.deb
      Size/MD5 checksum:    58334 04df64db72249b74039f26e23f384f62
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mipsel.deb
      Size/MD5 checksum:    24598 451b2c66266919a2a45740336e157518

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_powerpc.deb
      Size/MD5 checksum:    56474 37163f189b04526056738e72514e0870
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_powerpc.deb
      Size/MD5 checksum:    23836 fac814ed369bd38e7294d7190a8aad8a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_s390.deb
      Size/MD5 checksum:    54658 b05a18adb9af89e183846135ea272b2e
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_s390.deb
      Size/MD5 checksum:    24392 ea2d972ab7dc89df2c232c71c246bf30

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_sparc.deb
      Size/MD5 checksum:    58226 5505dc14188fcd27a6ec7fee1f482a78
    http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_sparc.deb
      Size/MD5 checksum:    29954 85b41622907ece7edfc7d10f78a83946


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/n3OIW5ql+IAeqTIRAmtjAJ9r7EcVvvnn4kSQdisgaWyscBKIsQCfX2go
kFGT8rTtoxQOb2QEkFTjego=
=eFa5
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.  The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.  If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.  AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBP6Wc2yh9+71yA2DNAQEVhwP/akD1uBH5yczk3TRtP8V3CJAwMl6qIjVN
FLik7IJPWQfVzmP6rd8jP1/rDtr1ZpbkjTG8eHfinTp36SV+2xiBaunaWSjayavg
ygNJjJJaV3mW2NHPyeEu5XLwkSBh09IaIZ1if6jB3f2CMhavsGb9V7wSYpM+nHfh
VINdWU5W25w=
=KJLI
-----END PGP SIGNATURE-----