 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2013.0334 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2013-0334) |
| Zusammenfassung: | The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2013-0334 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the MGASA-2013-0334 advisory. Vulnerability Insight: Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network (CVE-2013-4508). In lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often, in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too (CVE-2013-4559). In lighttpd before 1.4.34, if 'fam' is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS (CVE-2013-4560). Affected Software/OS: 'lighttpd' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4508 DSA-2795 https://www.debian.org/security/2013/dsa-2795 HPSBGN03191 http://marc.info/?l=bugtraq&m=141576815022399&w=2 JVN#37417423 http://jvn.jp/en/jp/JVN37417423/index.html [oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI http://openwall.com/lists/oss-security/2013/11/04/19 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt http://redmine.lighttpd.net/issues/2525 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/ openSUSE-SU-2014:0072 http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4559 55682 http://secunia.com/advisories/55682 [oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) http://www.openwall.com/lists/oss-security/2013/11/12/4 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt https://kc.mcafee.com/corporate/index?page=content&id=SB10310 Common Vulnerability Exposure (CVE) ID: CVE-2013-4560 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |