Info

Disclosure

Mar 22, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 1.4.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2008-1531 (see also: NVD)
Bugtraq ID: 28489
Secunia Advisory ID: 29505 29544 29636 29649 30023 30202
ISS X-Force ID: 41545
VUPEN Advisory: ADV-2008-1063
Other Advisory URL: http://lists.debian.org/debian-security-announce/2008/msg00110.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://trac.lighttpd.net/trac/ticket/285
http://trac.lighttpd.net/trac/ticket/285#comment:21
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132
http://www.debian.org/security/2008/dsa-1540
http://www.gentoo.org/security/en/glsa/glsa-200804-08.xml
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200804-08.xml
Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/2136
http://trac.lighttpd.net/trac/changeset/2139
http://trac.lighttpd.net/trac/changeset/2140
http://trac.lighttpd.net/trac/ticket/285#comment:18
https://bugs.gentoo.org/show_bug.cgi?id=214892
https://issues.rpath.com/browse/RPL-2407
Mail List Post: http://www.openwall.com/lists/oss-security/2008/03/28/14

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/43788