Lucene search
SuseSUSE-SA:2003:044HistoryOct 31, 2003 - 12:38 p.m.
remote privilege escalation/ in thttpd
2003-10-3112:38:13
lists.opensuse.org
25
0.298 Low
EPSS
Percentile
96.4%
Two vulnerabilities were found in the “tiny” web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.3 | ppc | thttpd | < 2.20b-112 | thttpd-2.20b-112.ppc.rpm |
| openSUSE | 8.2 | i586 | thttpd | < 2.23beta1-164 | thttpd-2.23beta1-164.i586.rpm |
| openSUSE | 7.3 | i386 | thttpd | < 2.20b-175 | thttpd-2.20b-175.i386.rpm |
| openSUSE | 8.0 | i386 | thttpd | < 2.20c-98 | thttpd-2.20c-98.i386.rpm |
| openSUSE | 9.0 | i586 | thttpd | < 2.23beta1-165 | thttpd-2.23beta1-165.i586.rpm |
| openSUSE | 8.1 | i586 | thttpd | < 2.23beta1-163 | thttpd-2.23beta1-163.i586.rpm |
Related
suse
suse
cache poisoning/denial-of-service in bind8
2003-11-28 14:58:12
remote code execution in hylafax
2003-11-10 14:45:25
local privilege escalation in rsync
2003-12-04 17:18:15
cert
cert
ISC BIND 8 vulnerable to cache poisoning via negative responses
2003-12-01 00:00:00
Integer overflow vulnerability in rsync
2003-12-09 00:00:00
securityvulns
securityvulns
SUSE Security Announcement: hylafax (SuSE-SA:2003:045)
2003-11-13 00:00:00
[KDE SECURITY ADVISORY] KDM vulnerabilities
2003-09-17 00:00:00
Libnids <= 1.17 buffer overflow
2003-10-28 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)
2004-07-31 00:00:00
Debian DSA-388-1 : kdebase - several vulnerabilities
2004-09-29 00:00:00
RHEL 2.1 : kdebase (RHSA-2003:270)
2004-07-06 00:00:00
redhat
redhat
(RHSA-2003:270) kdebase security update
2003-09-16 00:00:00
(RHSA-2003:236) kdelibs security update
2003-07-30 00:00:00
(RHSA-2003:289) XFree86 security update
2003-11-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200311-01 (kdebase)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200311-01 (kdebase)
2008-09-24 00:00:00
Debian Security Advisory DSA 396-1 (thttpd)
2008-01-17 00:00:00
gentoo
gentoo
kdebase: KDM vulnerabilities
2003-11-15 00:00:00
Libnids: remote code execution vulnerability
2003-11-22 00:00:00
osv
osv
kdebase - several vulnerabilities
2003-09-19 00:00:00
thttpd - missing input sanitizing, wrong calculation
2003-10-29 00:00:00
libnids - buffer overflow
2004-01-05 00:00:00
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
debiancve
debiancve
CVE-2003-0850
2003-11-17 05:00:00
debian
debian