GLSA Advocate

Posted: Mon Jun 25, 2012 12:26 am Post subject: [ GLSA 201206-27 ] mini_httpd: Arbitrary code execution
Gentoo Linux Security Advisory
Title: mini_httpd: Arbitrary code execution (GLSA 201206-27)
Severity: normal
Exploitable: remote
Date: June 24, 2012
Bug(s): #303755
ID: 201206-27
Synopsis
A vulnerability in mini_httpd could allow remote attackers to
execute arbitrary code.
Background
mini_httpd is a small webserver with optional SSL and IPv6 support.
Affected Packages
Package: www-servers/mini_httpd
Vulnerable: > 1.19 <= 1.19
Architectures: All supported architectures
Description
mini_httpd does not properly check for shell escapes when parsing HTTP
requests.
Impact
A remote attacker could send specially crafted HTTP requests, possibly
resulting in execution of arbitrary code with the privileges of the
process, or allowing for overwriting of files.
Workaround
There is no known workaround at this time.
Resolution
Gentoo discontinued support for mini_httpd. We recommend that users
unmerge mini_httpd:
Code:
# emerge --unmerge "www-servers/mini_httpd"
References
CVE-2009-4490