|
|
CVE Reference: CVE-2007-4727 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4727 |
|
|
Description: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow." |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/36526 SUSE http://www.novell.com/linux/security/advisories/2007_20_sr.html SREASON http://securityreason.com/securityalert/3127 SAID Secunia Advisory: SA26997 Secunia Advisory: SA27229 Secunia Advisory: SA26732 Secunia Advisory: SA26794 Secunia Advisory: SA26824 MISC http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ GENTOO http://www.gentoo.org/security/en/glsa/glsa-200709-16.xml FEDORA http://fedoranews.org/updates/FEDORA-2007-213.shtml CONFIRM http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt http://trac.lighttpd.net/trac/changeset/1986 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479763/100/0/threaded BID 25622 |
|
| Return to the previous page. |
