Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-107)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120270

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-107)

Resumen: The remote host is missing an update for the 'lighttpd' package(s) announced via the ALAS-2012-107 advisory.

Descripción: Summary:
The remote host is missing an update for the 'lighttpd' package(s) announced via the ALAS-2012-107 advisory.

Vulnerability Insight:
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

Affected Software/OS:
'lighttpd' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4362
1026359
http://www.securitytracker.com/id?1026359
18295
http://www.exploit-db.com/exploits/18295
20111224 Lighttpd Proof of Concept code for CVE-2011-4362
http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html
47260
http://secunia.com/advisories/47260
DSA-2368
http://www.debian.org/security/2011/dsa-2368
JVN#37417423
http://jvn.jp/en/jp/JVN37417423/index.html
[oss-security] 20111129 CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
http://www.openwall.com/lists/oss-security/2011/11/29/8
[oss-security] 20111129 Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error
http://www.openwall.com/lists/oss-security/2011/11/29/13
http://blog.pi3.com.pl/?p=277
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
http://redmine.lighttpd.net/issues/2370
https://bugzilla.redhat.com/show_bug.cgi?id=758624
lighttpd-base64-dos(71536)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71536

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120270
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-107)
Resumen:	The remote host is missing an update for the 'lighttpd' package(s) announced via the ALAS-2012-107 advisory.
Descripción:	Summary: The remote host is missing an update for the 'lighttpd' package(s) announced via the ALAS-2012-107 advisory. Vulnerability Insight: Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Affected Software/OS: 'lighttpd' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4362 1026359 http://www.securitytracker.com/id?1026359 18295 http://www.exploit-db.com/exploits/18295 20111224 Lighttpd Proof of Concept code for CVE-2011-4362 http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html 47260 http://secunia.com/advisories/47260 DSA-2368 http://www.debian.org/security/2011/dsa-2368 JVN#37417423 http://jvn.jp/en/jp/JVN37417423/index.html [oss-security] 20111129 CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error http://www.openwall.com/lists/oss-security/2011/11/29/8 [oss-security] 20111129 Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error http://www.openwall.com/lists/oss-security/2011/11/29/13 http://blog.pi3.com.pl/?p=277 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://redmine.lighttpd.net/issues/2370 https://bugzilla.redhat.com/show_bug.cgi?id=758624 lighttpd-base64-dos(71536) https://exchange.xforce.ibmcloud.com/vulnerabilities/71536
Copyright	Copyright (C) 2015 Greenbone AG