FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- FastCGI header overrun in mod_fastcgi

Affected packages
lighttpd < 1.4.18

Details

VuXML ID 4b673ae7-5f9a-11dc-84dd-000102cc8983
Discovery 2007-09-09
Entry 2007-09-10

lighttpd maintainer reports:

Lighttpd is prone to a header overflow when using the mod_fastcgi extension; this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug, see the external reference.

This bug was found by Mattias Bengtsson and Philip Olausson.

References

CVE Name CVE-2007-4727
URL http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
URL http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt