Debian Security Advisory DSA 883-1 (thttpd) Network Vulnerability

Summary

The remote host is missing an update to thttpd announced via advisory DSA 883-1. Javier Fernández-Sanguino Peña from the Debian Security Audit team discovered that the syslogtocern script from thttpd, a tiny webserver, uses a temporary file insecurely, allowing a local attacker to craft a symlink attack to overwrite arbitrary files. For the old stable distribution (woody) this problem has been fixed in version 2.21b-11.3.

Solution

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-4. We recommend that you upgrade your thttpd package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20883-1

Severity

Classification

CVE CVE-2005-3124

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 048-1 (cfingerd)
Debian Security Advisory DSA 124-1 (mtr)
Debian Security Advisory DSA 1057-1 (phpldapadmin)
Debian Security Advisory DSA 2321-1 (moin)
Debian Security Advisory DSA 2840-1 (srtp - buffer overflow)

Take action and discover your vulnerabilities