Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4362

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4362
Last Modified 06 Nov 2012 12:03:39
Published 24 Dec 2011 02:55:05
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4362

Summary

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

Vulnerable Systems

Application

  • Lighttpd 1.0.2

  • Lighttpd 1.0.3

  • Lighttpd 1.1.0

  • Lighttpd 1.1.1

  • Lighttpd 1.1.2

  • Lighttpd 1.1.3

  • Lighttpd 1.1.4

  • Lighttpd 1.1.5

  • Lighttpd 1.1.6

  • Lighttpd 1.1.7

  • Lighttpd 1.1.8

  • Lighttpd 1.1.9

  • Lighttpd 1.2.0

  • Lighttpd 1.2.1

  • Lighttpd 1.2.2

  • Lighttpd 1.2.3

  • Lighttpd 1.2.5

  • Lighttpd 1.2.6

  • Lighttpd 1.2.7

  • Lighttpd 1.2.8

  • Lighttpd 1.3.0

  • Lighttpd 1.3.1

  • Lighttpd 1.3.10

  • Lighttpd 1.3.11

  • Lighttpd 1.3.12

  • Lighttpd 1.3.13

  • Lighttpd 1.3.14

  • Lighttpd 1.3.15

  • Lighttpd 1.3.16

  • Lighttpd 1.3.2

  • Lighttpd 1.3.3

  • Lighttpd 1.3.4

  • Lighttpd 1.3.5

  • Lighttpd 1.3.6

  • Lighttpd 1.3.8

  • Lighttpd 1.3.9

  • Lighttpd 1.4.0

  • Lighttpd 1.4.10

  • Lighttpd 1.4.11

  • Lighttpd 1.4.12

  • Lighttpd 1.4.13

  • Lighttpd 1.4.14

  • Lighttpd 1.4.15

  • Lighttpd 1.4.16

  • Lighttpd 1.4.17

  • Lighttpd 1.4.18

  • Lighttpd 1.4.19

  • Lighttpd 1.4.2

  • Lighttpd 1.4.20

  • Lighttpd 1.4.21

  • Lighttpd 1.4.22

  • Lighttpd 1.4.23

  • Lighttpd 1.4.24

  • Lighttpd 1.4.25

  • Lighttpd 1.4.3

  • Lighttpd 1.4.4

  • Lighttpd 1.4.5

  • Lighttpd 1.4.6

  • Lighttpd 1.4.7

  • Lighttpd 1.4.8

  • Lighttpd 1.4.9

  • Lighttpd 1.5.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=758624

SECTRACK - 1026359

MLIST - [oss-security] 20111129 CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error

MLIST - [oss-security] 20111129 Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error

DEBIAN - DSA-2368

SECUNIA - 47260

CONFIRM - http://redmine.lighttpd.net/issues/2370

CONFIRM - http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt

XF - lighttpd-base64-dos(71536)

EXPLOIT-DB - 18295

MISC - http://blog.pi3.com.pl/?p=277

BUGTRAQ - 20111224 Lighttpd Proof of Concept code for CVE-2011-4362


Last Updated: 27 May 2016 10:57:17