Family: Debian Local Security Checks --> Category: infos
[DSA396] DSA-396-1 thttpd Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in thttpd, a tiny HTTP
The Common Vulnerabilities and Exposures project identifies the
Marcus Breiing discovered that if thttpd is used for virtual
hosting, and an attacker supplies a specially crafted
header with a pathname instead of a hostname, thttpd will reveal
information about the host system. Hence, an attacker can browse
the entire disk.
Joel Söderberg and Christer Öberg discovered a remote overflow which
allows an attacker to partially overwrite the EBP register and
hence execute arbitrary code.
For the stable distribution (woody) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your thttpd package immediately.
Solution : http://www.debian.org/security/2003/dsa-396
Threat Level: High