Debian Security Advisory DSA 883-1 (thttpd) Network Vulnerability

Summary

The remote host is missing an update to thttpd announced via advisory DSA 883-1. Javier Fernández-Sanguino Peña from the Debian Security Audit team discovered that the syslogtocern script from thttpd, a tiny webserver, uses a temporary file insecurely, allowing a local attacker to craft a symlink attack to overwrite arbitrary files. For the old stable distribution (woody) this problem has been fixed in version 2.21b-11.3.

Solution

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-4. We recommend that you upgrade your thttpd package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20883-1

Severity

Classification

CVE CVE-2005-3124
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1078-1 (tiff)
Debian Security Advisory DSA 1047-1 (resmgr)
Debian Security Advisory DSA 2147-1 (pimd)
Debian Security Advisory DSA 019-1 (squid)
Debian Security Advisory DSA 151-1 (xinetd)

Take action and discover your vulnerabilities