230 matches found
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1205-2 [email protected] http://www.debian.org/security/ Steve Kemp December 1sd, 2006 http://www.debian.org/security/faq -...
Debian DSA-1205-2 : thttpd - insecure temporary files
The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update. For reference please find below the original advisory text : Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure...
thttpd symbolic links problem
Insecure temporary file creation on logfiles rotation...
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1205-1 [email protected] http://www.debian.org/security/ Steve Kemp November 2rd, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1205-1 [email protected] http://www.debian.org/security/ Steve Kemp November 2rd, 2006 http://www.debian.org/security/faq -...
DSA-1205-1 thttpd - insecure temporary files
Bulletin has no description...
CVE-2006-4248
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...
CVE-2006-4248
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...
CVE-2006-4248
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the startthttpd temporary file...
CVE-2006-4248
CVE-2006-4248 affects thttpd (notably in Debian and related distributions) and involves a local symlink attack that allows a local user to create or touch arbitrary files via insecure temporary file usage in start_thttpd during log rotation. The root cause is the use of insecure temporary files, ...
Debian DSA-883-1 : thttpd - insecure temporary file
Javier Fernandez-Sanguino Pena from the Debian Security Audit team discovered that the syslogtocern script from thttpd, a tiny webserver, uses a temporary file insecurely, allowing a local attacker to craft a symlink attack to overwrite arbitrary files. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2006-1078
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via 1 a long command line argument and 2 a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...
Design/Logic Flaw
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2006-1078
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via 1 a long command line argument and 2 a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2006-1079
CVE-2006-1079 concerns the htpasswd utility used by Acme thttpd (notably 2.25b) where local users can escalate privileges through shell metacharacters passed as command-line arguments to system(). Several sourced entries indicate this vulnerability exists in htpasswd and note the issue may be exp...
CVE-2006-1078
Concrete details found: CVE-2006-1078 concerns multiple buffer overflows in the htpasswd utility used by Acme thttpd 2.25b. The vulnerabilities allow a local attacker to gain or escalate privileges via (1) a long command-line argument and (2) a long line in a file. The advisory notes htpasswd is ...
Acme thttpd < 2.26 htpasswd Utility Overflow
Binary data 3463.prm...
CVE-2004-2628
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains 1 a hex-encoded backslash dot-dot sequence "%5C.." or 2 a drive letter such as "C:"...