#VU33958 Input validation error in lighttpd - CVE-2011-4362
Vulnerability identifier: #VU33958
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
lighttpd
Server applications /
Web servers
Vendor: lighttpd
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
Mitigation
Install update from vendor's website.
Vulnerable software versions
lighttpd: 1.4.1 - 1.4.29
External links
https://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html
https://blog.pi3.com.pl/?p=277
https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
https://redmine.lighttpd.net/issues/2370
https://secunia.com/advisories/47260
https://www.debian.org/security/2011/dsa-2368
https://www.exploit-db.com/exploits/18295
https://www.openwall.com/lists/oss-security/2011/11/29/13
https://www.openwall.com/lists/oss-security/2011/11/29/8
https://www.securitytracker.com/id?1026359
https://bugzilla.redhat.com/show_bug.cgi?id=758624
https://exchange.xforce.ibmcloud.com/vulnerabilities/71536
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
