From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Dec 6 20:50:05 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B930F1065677; Sat, 6 Dec 2008 20:50:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 93A428FC25; Sat, 6 Dec 2008 20:50:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mB6Ko5JO085995; Sat, 6 Dec 2008 20:50:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mB6Ko5NF085994; Sat, 6 Dec 2008 20:50:05 GMT (envelope-from gnats) Resent-Date: Sat, 6 Dec 2008 20:50:05 GMT Resent-Message-Id: <200812062050.mB6Ko5NF085994@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: mnag@FreeBSD.org, danger@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91CD81065672 for ; Sat, 6 Dec 2008 20:41:11 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 433768FC1D for ; Sat, 6 Dec 2008 20:41:11 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from phoenix.codelabs.ru (ppp91-78-250-32.pppoe.mtu-net.ru [91.78.250.32]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L93xd-000NoO-VR for FreeBSD-gnats-submit@freebsd.org; Sat, 06 Dec 2008 23:41:10 +0300 Message-Id: <20081206204118.3C7B7B8019@phoenix.codelabs.ru> Date: Sat, 6 Dec 2008 23:41:18 +0300 (MSK) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: mnag@FreeBSD.org, danger@freebsd.org Cc: Subject: ports/129472: [vuxml] www/lighttpd: document CVE-2008-{4298, 4359, 4360} X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Dec 2008 20:50:05 -0000 >Number: 129472 >Category: ports >Synopsis: [vuxml] www/lighttpd: document CVE-2008-{4298,4359,4360} >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Dec 06 20:50:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: Code Labs >Environment: System: FreeBSD 7.1-PRERELEASE amd64 >Description: Multiple issues were fixed in lighttpd 1.4.20: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt Port was updated in October 2008 (ports/127861), but VuXML entry was not created. >How-To-Repeat: Look at the above URLs. >Fix: The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- lighttpd -- multiple vulnerabilities lighttpd 1.4.20

Multiple issues were fixed in lighttpd 1.4.20:

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

 CVE-2008-4298 CVE-2008-4359 CVE-2008-4360 http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt 02-12-2008 TODAY --- vuln.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted: