lighttpd mod_auth (http_auth.c) Malformed Auth-Digest Header Remote DoS

2007-06-15T17:51:07
ID OSVDB:38317
Type osvdb
Reporter OSVDB
Modified 2007-06-15T17:51:07

Description

Solution Description

Upgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/browser/branches/lighttpd-1.4.x/NEWS?rev=1875
Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/1875
Secunia Advisory ID: 26593
Secunia Advisory ID: 22588
Secunia Advisory ID: 26505
Secunia Advisory ID: 26130
Secunia Advisory ID: 26158
Related OSVDB ID: 38312
Related OSVDB ID: 38308
Related OSVDB ID: 38311
Related OSVDB ID: 38318
Related OSVDB ID: 38315
Related OSVDB ID: 38316
Related OSVDB ID: 38313
Related OSVDB ID: 1013586
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.html
Other Advisory URL: https://issues.rpath.com/browse/RPL-1554
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200708-11.xml
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml
Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_15_sr.html
Other Advisory URL: http://www.debian.org/security/2007/dsa-1362
Other Advisory URL: https://issues.rpath.com/browse/RPL-1550
FrSIRT Advisory: ADV-2007-2585
CVE-2007-3946
Bugtraq ID: 24967