lighttpd mod_scgi Debug Message Format Specifier Unspecified DoS

2007-07-17T17:51:07
ID OSVDB:38308
Type osvdb
Reporter OSVDB
Modified 2007-07-17T17:51:07

Description

Solution Description

Upgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/ticket/1263 Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/1882 Secunia Advisory ID:26593 Secunia Advisory ID:22588 Secunia Advisory ID:26505 Secunia Advisory ID:26130 Secunia Advisory ID:26158 Related OSVDB ID: 38312 Related OSVDB ID: 38310 Related OSVDB ID: 38311 Related OSVDB ID: 38314 Related OSVDB ID: 38318 Related OSVDB ID: 38309 Related OSVDB ID: 38313 Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml Other Advisory URL: http://security.gentoo.org/glsa/glsa-200708-11.xml Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_15_sr.html Other Advisory URL: http://www.debian.org/security/2007/dsa-1362 FrSIRT Advisory: ADV-2007-2585 CVE-2007-3950 Bugtraq ID: 24967