French Security Incident Response Team


Fedora Security Update Fixes Lighttpd Remote Code Execution Vulnerability


Title : Fedora Security Update Fixes Lighttpd Remote Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2007-3123
CVE ID : CVE-2007-4727
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-13

Advisory Details

 
Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to compromise a vulnerable server [...]

Solution

Upgrade the affected packages :

10a186bdb8c9a47f16c708d63d51f20efc5e4b42 lighttpd-fastcgi-1.4.18-1.fc7.ppc64.rpm
c60e37fa4b3a42d6da0116714955d401097b9340 lighttpd-1.4.18-1.fc7.ppc64.rpm
bd673b2a76dc9d5f4cae227be3675e2f07bd6a8f lighttpd-mod_mysql_vhost-1.4.18-1.fc7.ppc64.rpm
e84db23894b037196eec0c0b6abdb04e11925725 lighttpd-debuginfo-1.4.18-1.fc7.ppc64.rpm
890545f7dce17ccea1444fe2b33fcb6dadde9d1a lighttpd-debuginfo-1.4.18-1.fc7.i386.rpm
6e2e3d3e32c39d64556b920341b2ab25a57824ba lighttpd-fastcgi-1.4.18-1.fc7.i386.rpm
fc7b7a1449bb4e5dd7b6b6fda323b92bb602c25f lighttpd-mod_mysql_vhost-1.4.18-1.fc7.i386.rpm
5d470de19a7bee52b5238e26b0fd452b1c424fc8 lighttpd-1.4.18-1.fc7.i386.rpm
388073708e0ed17551cc01e7f34abaa66ab5f091 lighttpd-fastcgi-1.4.18-1.fc7.x86_64.rpm
af1f66dd36b1f0b3f7bb6121ea46347ff93ea8c7 lighttpd-debuginfo-1.4.18-1.fc7.x86_64.rpm
45ff6e353b45ebac9deb710a54f27314c94b8533 lighttpd-1.4.18-1.fc7.x86_64.rpm
807db4d7f0b2521d8f19f915d56ae4ae7b9f66dd lighttpd-mod_mysql_vhost-1.4.18-1.fc7.x86_64.rpm
f9fbf72140a0dcb2a3a2a3f1f10f81ad094a1394 lighttpd-debuginfo-1.4.18-1.fc7.ppc.rpm
c698a9db52d4dabaebe1013d54edb2ac5b608e07 lighttpd-fastcgi-1.4.18-1.fc7.ppc.rpm
50089c0688928391bdf6d714b0c61b5cb692398c lighttpd-1.4.18-1.fc7.ppc.rpm
f51a6530a0329cedaef42b49e9cac606142caa47 lighttpd-mod_mysql_vhost-1.4.18-1.fc7.ppc.rpm
f8d88f6c1a04ff4044f1e379d2cf854c17290176 lighttpd-1.4.18-1.fc7.src.rpm

ChangeLog

2007-09-13 : Initial release
