|
Family: Debian Local Security Checks --> Category: infos
[DSA1205] DSA-1205-2 thttpd Vulnerability Scan
Vulnerability Scan Summary DSA-1205-2 thttpd
Detailed Explanation for this Vulnerability Test
The original advisory for this issue didn't contain fixed packages for all
supported architectures which are corrected in this update. For reference
please find below the original advisory text:
Marco d'Itri discovered that thttpd, a small, fast and secure webserver,
makes use of insecure temporary files when its logfiles are rotated,
which might lead to a denial of service through a symlink attack.
For the stable distribution (sarge) this problem has been fixed in
version 2.23beta1-3sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 2.23beta1-5.
We recommend that you upgrade your thttpd package.
Solution : http://www.debian.org/security/2006/dsa-1205
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|