Executive Summary
| Summary | |
|---|---|
| Title | lighttpd security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2649 | First vendor Publication | 2013-03-15 |
| Vendor | Debian | Last vendor Modification | 2013-03-15 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 1.9 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control socket and for example force the webserver to use a different PHP version. As the fix is in a configuration file lying in /etc, the update won't be enforced if the file has been modified by the administrator. In that case, care should be taken to manually apply the fix. For the stable distribution (squeeze), this problem has been fixed in version 1.4.28-2+squeeze1.3. For the testing distribution (wheezy), this problem has been fixed in version 1.4.31-4. For the unstable distribution (sid), this problem has been fixed in version 1.4.31-4. We recommend that you upgrade your lighttpd packages. |
Original Source
| Url : http://www.debian.org/security/2013/dsa-2649 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18507 | |||
| Oval ID: | oval:org.mitre.oval:def:18507 | ||
| Title: | DSA-2649-1 lighttpd - fixed socket name in world-writable directory | ||
| Description: | Stefan Buhler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control socket and for example force the webserver to use a different PHP version. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2649-1 CVE-2013-1427 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | lighttpd |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-02-06 | Name : The remote web server is affected by an insecure temporary file creation vuln... File : lighttpd_1_4_28.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_lighttpd_20140721.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2649.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:31:45 |
|
| 2013-03-22 21:19:36 |
|
| 2013-03-21 21:19:22 |
|
| 2013-03-16 00:17:27 |
|
