| VID |
22242 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The thttpd HTTP server, according to its banner, has a buffer overflow vulnerability in the defang function. thttpd, developed by Acme Labs, is a free Web server daemon available for most Unix-based operating systems. thttpd versions 2.21 through 2.23b1 are vulnerable to a buffer overflow in the defang function in the libhttpd.c file. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the affected system.
* Note: This check relied solely on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2003-10/0272.html
* Platforms Affected: thttpd 2.21 through 2.23b1; Unix: any version; Linux: any version |
| Recommendation |
Upgrade to the latest version of thttpd (2.24 or later), available from the thttpd Web site at http://www.acme.com/software/thttpd/
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest thttpd package (2.21b-11.2 or later), as listed in Debian Security Advisory DSA-396-1 at http://www.debian.org/security/2003/dsa-396
For SuSE Linux: Upgrade to the latest thttpd package, as listed in SuSE Security Announcement SuSE-SA:2003:044 at http://www.suse.com/de/security/2003_044_thttpd.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2003-0899 (CVE) |
| Related URL |
8906 (SecurityFocus) |
| Related URL |
13530 (ISS) |
|