CVE-2008-1270 - CVE Reference - Advisories

CVE Reference: CVE-2008-1270

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1270

Description: mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41173 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SAID Secunia Advisory: SA29318 Secunia Advisory: SA29403 Secunia Advisory: SA29636 Secunia Advisory: SA29622 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 GENTOO http://security.gentoo.org/glsa/glsa-200804-08.xml DEBIAN http://www.debian.org/security/2008/dsa-1521 CONFIRM http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany http://trac.lighttpd.net/trac/ticket/1587 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489465/100/0/threaded BID 28226

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Drupal Session Fixation Vulnerability

3.	Red Hat update for kernel

4.	Linux Kernel LDT Buffer Size Handling Vulnerability

5.	IPCop update for perl

6.	Debian update for clamav

7.	Ubuntu update for php

8.	Red Hat update for thunderbird

9.	dnsmasq Denial of Service and DNS Cache Poisoning

10.	Apple Safari Cross-Domain Cookie Injection Vulnerability