Vulnerabilities > CVE-2010-0295 - Resource Management Errors vulnerability in Lighttpd
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability. CVE-2010-0295 . Dos exploit for linux platform |
id | EDB-ID:33591 |
last seen | 2016-02-03 |
modified | 2010-02-02 |
published | 2010-02-02 |
reporter | Li Ming |
source | https://www.exploit-db.com/download/33591/ |
title | lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIGHTTPD-100203.NASL description This update fixes a denial of service vulnerability in lighttpd that can be triggers using slow requests. (CVE-2010-0295) last seen 2020-06-01 modified 2020-06-02 plugin id 44410 published 2010-02-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44410 title openSUSE Security Update : lighttpd (lighttpd-1914) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update lighttpd-1914.
#
# The text description of this plugin is (C) SUSE LLC.
#
# Reviewer summary: credentialed ("local") package check for CVE-2010-0295 on
# openSUSE 11.1. It compares the RPM list already stored in the scan knowledge
# base against fixed package builds. Nothing in this script connects to the
# lighttpd service, so a result says "patch installed or not", not "service
# observed to be exhaustible".
#

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata (ids, CVSS vector, CPEs, required KB keys) and exits before any check.
if (description)
{
  script_id(44410);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:38");

  script_cve_id("CVE-2010-0295");

  script_name(english:"openSUSE Security Update : lighttpd (lighttpd-1914)");
  script_summary(english:"Check for the lighttpd-1914 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update fixes a denial of service vulnerability in lighttpd that can be triggers using slow requests. (CVE-2010-0295)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=573948"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected lighttpd packages."
  );
  # CVSS v2: network-reachable, low complexity, no authentication,
  # availability-only impact (partial).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(399);

  # "local" marks this as a check that needs host data gathered beforehand
  # (see the required KB keys below), not a remote probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_cml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The check depends on ssh_get_info.nasl having populated these KB items;
  # without a credentialed scan the plugin cannot report either way.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. Each audit() call presumably ends the run with the named
# reason -- confirm in audit.inc.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# SLED/SLES releases are rejected: this plugin covers openSUSE only.
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
# Exactly openSUSE 11.1; other releases have their own plugin ids.
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Count of packages that fail the comparison against the fixed build.
flag = 0;

# presumably rpm_check() is true when the installed package is older than
# `reference` -- confirm in rpm.inc.
# NOTE(review): the reference build is 1.4.20-2.5.1, i.e. a distribution package
# release, not the upstream 1.4.26 named in the CVE summary. The fix appears to
# be backported, so comparing the upstream version string alone would misjudge
# a patched 11.1 host.
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_cml-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_magnet-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_mysql_vhost-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_rrdtool-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_trigger_b4_dl-1.4.20-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"lighttpd-mod_webdav-1.4.20-2.5.1") ) flag++;

if (flag)
{
  # Finding is attached to port 0 (the host), since no service port was probed.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Distinguish "packages present and not flagged" from "lighttpd not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lighttpd");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1987.NASL description Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion. last seen 2020-06-01 modified 2020-06-02 plugin id 44851 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44851 title Debian DSA-1987-1 : lighttpd - denial of service code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1987. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Reviewer summary: credentialed ("local") package check for CVE-2010-0295 on
# Debian 4.0 (etch) and 5.0 (lenny). It reads the dpkg listing already stored in
# the scan knowledge base and compares it with the fixed package versions from
# DSA-1987. Nothing in this script contacts the lighttpd service.
#

include("compat.inc");

# Registration pass: declare metadata and exit before any check runs.
if (description)
{
  script_id(44851);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2010-0295");
  script_bugtraq_id(38036);
  script_xref(name:"DSA", value:"1987");

  script_name(english:"Debian DSA-1987-1 : lighttpd - denial of service");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-1987"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the lighttpd packages. For the oldstable distribution (etch), this problem has been fixed in version 1.4.13-4etch12. For the stable distribution (lenny), this problem has been fixed in version 1.4.19-5+lenny1."
  );
  # CVSS v2 base: network, low complexity, no authentication, partial
  # availability impact. Temporal: proof-of-concept exploit, official fix,
  # confirmed report.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lighttpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # Requires host data collected by ssh_get_info.nasl, i.e. a credentialed scan.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions. Each audit() call presumably ends the run with the named
# reason -- confirm in audit.inc.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Count of packages that fail the comparison against the fixed version.
flag = 0;

# presumably deb_check() is true when the named package is installed on the
# given release at a version older than `reference` -- confirm in
# debian_package.inc.
# NOTE(review): both fixed versions (1.4.13-4etch12, 1.4.19-5+lenny1) are below
# the upstream 1.4.26 named in the CVE summary, so the fix appears to be
# backported. A check that looks only at the upstream version would flag these
# patched hosts.
if (deb_check(release:"4.0", prefix:"lighttpd", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-doc", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-mod-cml", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-mod-magnet", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-mod-mysql-vhost", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-mod-trigger-b4-dl", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"4.0", prefix:"lighttpd-mod-webdav", reference:"1.4.13-4etch12")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-doc", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-mod-cml", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-mod-magnet", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-mod-mysql-vhost", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-mod-trigger-b4-dl", reference:"1.4.19-5+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lighttpd-mod-webdav", reference:"1.4.19-5+lenny1")) flag++;

if (flag)
{
  # Finding is attached to port 0 (the host), since no service port was probed.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1A3BD81F1B2511DFBD1A002170DAAE37.NASL description Lighttpd security advisory reports : If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes. last seen 2020-06-01 modified 2020-06-02 plugin id 44625 published 2010-02-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44625 title FreeBSD : lighttpd -- denial of service vulnerability (1a3bd81f-1b25-11df-bd1a-002170daae37) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Reviewer summary: credentialed ("local") package check for CVE-2010-0295 on
# FreeBSD. It evaluates a single version specification against the pkg_info
# listing already stored in the scan knowledge base. Nothing in this script
# contacts the lighttpd service.
#

include("compat.inc");

# Registration pass: declare metadata and exit before any check runs.
if (description)
{
  script_id(44625);
  script_version("1.11");
  script_cvs_date("Date: 2019/08/02 13:32:40");

  script_cve_id("CVE-2010-0295");
  script_bugtraq_id(38036);

  script_name(english:"FreeBSD : lighttpd -- denial of service vulnerability (1a3bd81f-1b25-11df-bd1a-002170daae37)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Lighttpd security advisory reports : If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt"
  );
  # https://vuxml.freebsd.org/freebsd/1a3bd81f-1b25-11df-bd1a-002170daae37.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dc1f9afa"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  # CVSS v2 base: network, low complexity, no authentication, partial
  # availability impact. Temporal: proof-of-concept exploit, official fix,
  # confirmed report.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:lighttpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  # Requires host data collected by ssh_get_info.nasl, i.e. a credentialed scan.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

# Preconditions. Each audit() call presumably ends the run with the named
# reason -- confirm in audit.inc.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Count of package specifications that matched.
flag = 0;

# Here the threshold is the upstream fixed release, 1.4.26.
# NOTE(review): the CVE summary also lists 1.5.x as affected; a "<1.4.26"
# specification would presumably not match a 1.5.x package if one is installed
# under this name -- confirm against the VuXML entry.
if (pkg_test(save_report:TRUE, pkg:"lighttpd<1.4.26")) flag++;

if (flag)
{
  # Finding is attached to port 0 (the host), since no service port was probed.
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIGHTTPD-100203.NASL description This update fixes a denial of service vulnerability in lighttpd that can be triggered using slow requests. (CVE-2010-0295) last seen 2020-06-01 modified 2020-06-02 plugin id 44409 published 2010-02-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44409 title openSUSE Security Update : lighttpd (lighttpd-1914)
NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIGHTTPD-100203.NASL description This update fixes a denial of service vulnerability in lighttpd that can be triggered using slow requests. (CVE-2010-0295) last seen 2020-06-01 modified 2020-06-02 plugin id 44412 published 2010-02-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44412 title openSUSE Security Update : lighttpd (lighttpd-1914)
NASL family Fedora Local Security Checks NASL id FEDORA_2010-7636.NASL description Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug #2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47467 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47467 title Fedora 11 : lighttpd-1.4.26-2.fc11 (2010-7636)
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-17.NASL description The remote host is affected by the vulnerability described in GLSA-201006-17 (lighttpd: Denial of Service) Li Ming reported that lighttpd does not properly process packets that are sent overly slow. Impact : A remote attacker might send specially crafted packets to a server running lighttpd, possibly resulting in a Denial of Service condition via host memory exhaustion. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46806 published 2010-06-04 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46806 title GLSA-201006-17 : lighttpd: Denial of Service
NASL family Fedora Local Security Checks NASL id FEDORA_2010-7611.NASL description Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug #2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47464 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47464 title Fedora 13 : lighttpd-1.4.26-2.fc13 (2010-7611)
NASL family Solaris Local Security Checks NASL id SOLARIS11_LIGHTTPD_20140721.NASL description The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. (CVE-2010-0295) - The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. (CVE-2013-1427) - Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. (CVE-2014-2469) last seen 2020-06-01 modified 2020-06-02 plugin id 80699 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80699 title Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of)
NASL family Fedora Local Security Checks NASL id FEDORA_2010-7643.NASL description Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug #2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47469 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47469 title Fedora 12 : lighttpd-1.4.26-2.fc12 (2010-7643)
NASL family Web Servers NASL id LIGHTTPD_1_4_26.NASL description According to its banner, the version of lighttpd running on the remote host is prior to 1.4.26 or is 1.5.0. It is, therefore, affected by the following vulnerabilities : - lighttpd allocates a buffer for each read operation which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. last seen 2020-06-01 modified 2020-06-02 plugin id 106625 published 2018-02-06 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106625 title lighttpd < 1.4.26 or 1.5.0 Denial of Service
Seebug
bulletinFamily exploit description BUGTRAQ ID: 38036 CVE ID: CVE-2010-0295 Lighttpd是一款轻型的开放源码Web Server软件包。 Lighttpd服务器每次接收到网络报文都会分配4K或16K的堆内存,如果远程攻击者缓慢的发送HTTP请求(如每秒钟发送1字节),就会耗尽所有可用内存导致服务器终止。 LightTPD LightTPD 1.5 LightTPD LightTPD 1.4.x 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1987-1)以及相应补丁: DSA-1987-1:lighttpd -- denial of service 链接:http://www.debian.org/security/2010/dsa-1987 补丁下载: Source archives: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.dsc Size/MD5 checksum: 1108 a2be7a82e20970071251e5ca71fc660c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.diff.gz Size/MD5 checksum: 39820 9f05aa3a52053d707be87c0f35912ec3 Architecture independent packages: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch12_all.deb Size/MD5 checksum: 101098 6c7d7bfa494d88c38e9d53d44afcf49e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 60370 f24388eda6bc606c663ef909d1484ba9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 320406 3fd29fadf48816d99fe9baf030bb9a1e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 65202 0d22456f747d42de3c957350ffda2025 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 72124 c913f4124bc228ca345264763f19c164 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 62148 50582d9263916db3e5c3add5b0c82f40 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_alpha.deb Size/MD5 checksum: 65638 
bc8798836eb898e969fa1c74ced2263d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 61636 918877b620983d832971d5d3845f3c86 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 59926 d72fad101197b9177348b3fdfe59020d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 64500 086df21a5fda61077c12b320407ccb26 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 71032 bf00a3cd05e54d5aaa2cd91a9f79a5ac http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 64836 f604cc138b5a8de2b52f468efb3f0031 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_amd64.deb Size/MD5 checksum: 299794 08a9b33d69d1c7bb56d4b69a24205026 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_arm.deb Size/MD5 checksum: 61288 46a866402e943311aaeb5cbfb0eba5e3 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_arm.deb Size/MD5 checksum: 287600 eef09d18e1d37b7422adf10f06c97406 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_arm.deb Size/MD5 checksum: 59154 66b50d93049f016e5e6447b8ef813902 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_arm.deb Size/MD5 checksum: 63548 e90e7a91f702f3d65be26eeed1ac1987 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_arm.deb Size/MD5 checksum: 63340 dfd3a3db7d5e74c5abe7d64f3ec0d7f6 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_arm.deb Size/MD5 checksum: 70208 f8818b2dca75f3204d6d63946631904e hppa 
architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 59804 67c275ae5602378c9c4690c53bda26b0 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 65376 4a4b7c631ad2ac9d112ecf58dba33edf http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 323098 1dec43cd0b18233203411686abcd1575 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 64868 8aaaf46ad4b092dba1ed2729db0facd2 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 72780 358ff940ee5da1aa7f1a20006a69c5ac http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_hppa.deb Size/MD5 checksum: 61806 b3510b57940378f1a7ef8f4841866cb9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_i386.deb Size/MD5 checksum: 64392 b8f33f0e3411cf5451a0cea231409746 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_i386.deb Size/MD5 checksum: 64184 c005107155f2ae5cd6167d1f1d793d36 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_i386.deb Size/MD5 checksum: 61358 f29271c62a2aab415abf4780389ecb41 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_i386.deb Size/MD5 checksum: 59596 206fb9cfe9234db85ee0d417c3436ab4 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_i386.deb Size/MD5 checksum: 71496 6e6bef7d6a8665bd78763d37fed416ac http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_i386.deb Size/MD5 checksum: 290004 7a710389c6efef8a00b03ea2e960f17f ia64 architecture (Intel ia64) 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 77590 6b5a71e75c89a8326b6072b6bb022d68 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 61692 617c3df2fd221fb5cecff9727120c307 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 63572 acd66904a46dda5035bcb2663c300c63 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 67886 444ecf614179b52ae21943765e10e605 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 68026 e1f719f2627bf0e4accf7b62c583096e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_ia64.deb Size/MD5 checksum: 404182 499f06d73dd67f6261bac97c993badac mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 70550 dd5ffa7e015a857a820a7d1292c198a0 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 61260 28b00ec06cbb66c20a68fadf979e203c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 298420 0dd0ef6dff4f621fc5ba2fa57866a59d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 59782 105197b36c2c6e99996be53030ef5df4 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 64054 1c9287f4489e57f625a8f65c1f5eab20 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_mipsel.deb Size/MD5 checksum: 63886 d0c610558df8be7632606549115ba047 powerpc architecture (PowerPC) 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 65878 163285bde244d4b9301870c3ed3bc109 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 63184 87516847b6e0a123fa6f6253688df4c1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 66156 21324ae7baf21a46121c357641e9f36a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 72542 823d715bcb56b54d5504fce88e7edeec http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 61400 eaedc7afd640991e4a254d5075d68fae http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_powerpc.deb Size/MD5 checksum: 323732 7b170668d041f2019786bae992e623cd s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_s390.deb Size/MD5 checksum: 60200 a55b75f7dde8697326bb917d6adeabc8 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_s390.deb Size/MD5 checksum: 72204 dd41f5030ff57ceaa582810ba24fc0ee http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_s390.deb Size/MD5 checksum: 64866 472d22247b86c5861cd793712c182d9c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_s390.deb Size/MD5 checksum: 61740 5341aca4a88d614fa662cf153bcb897a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_s390.deb Size/MD5 checksum: 65256 9c2a42a08dc7bdbc9bacabf74329269d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_s390.deb Size/MD5 checksum: 307074 8f839f8e7f9228e949f2b50160bf1906 sparc architecture (Sun SPARC/UltraSPARC) 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 70740 5ca564854c876d78662515db459c64e2 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 64144 dfd8a2dbce6377c1d180f434d715e97c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 285020 13bf19296e5a3761392c3d82c9934fed http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 64164 0a803bc9cd6ef27e59e71806d599f6de http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 61238 76e2c32c82542369902ccb2ccaaa8c0e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_sparc.deb Size/MD5 checksum: 59620 cd273a623a05d5223c35904b391a6340 Debian GNU/Linux 5.0 alias lenny - - -------------------------------- Debian (stable) - - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
Source archives: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.dsc Size/MD5 checksum: 1707 9db0f343d28732f798c1a2020423ddd9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.diff.gz Size/MD5 checksum: 27536 640ccb5678115f069777077fb0b5cffd http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19.orig.tar.gz Size/MD5 checksum: 815568 cede410e7adee3ea14206749190a8b5d Architecture independent packages: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.19-5+lenny1_all.deb Size/MD5 checksum: 109512 1b9696c70c89f82d9a17a086a7de8d31 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 72534 e6f145f65cba4aac88d51809311e8082 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 340626 f73cdd6194b566550439da1b03777796 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 79430 432a06b4fdcb19b209389de1fe4a7bc4 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 67284 241ba44dcb5e197c3f63a43355a85517 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 72008 9a18bb66b361d067457cf7fb1d10fb9c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_alpha.deb Size/MD5 checksum: 68920 c801216dc8ac72e633e005d70face5f9 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 71888 540242cb493bf32ad190ccd3853e3a1c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 78760 fcf4e53e61ef01d9fe39a8a5a19bfea3 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 71592 059444d28cec9b2b7542dfe56e199074 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 322470 f89f9e381d6e6e1b5b61306527068639 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 66902 c47b25719738fb7726970b9533e140b1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_amd64.deb Size/MD5 checksum: 68462 3c1b0a403b9610c32bd9d2297b5b2670 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 70572 513a8641dd407769b09ac2ac0f0c5512 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 66136 7017f5567130b60ee476d0e33558c07d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 310818 af9e22c6cdddf8f1fd058cf2915e408b http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 77690 b1a37635507cf95f04d76f6c9f3f6295 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 70394 e71afeb997f13ae72461a816cde281c3 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_arm.deb Size/MD5 checksum: 68072 9a45c9cc91850162336bf876475c8ec5 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 77410 8ad7981f12a57d92182767858069dd66 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 68038 925065ed03b1596aba5947df1ee62bb9 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 72240 479c7edd0aa58496f691097ce9052c3d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 315334 c256c4321239bf575d5ebad186423425 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 66434 6779fd674434a719f2969e9cd40088ac http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_armel.deb Size/MD5 checksum: 71628 4339f2c1f7a3d703207295e947d3744e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 69190 0676bd9e82c84fd9fca37c1b5026d141 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 67216 f28d9b951c97edc101225b045f1c6d66 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 80894 2d0b5d5f9a0d8941d2ce3d6c1402b049 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 344566 a1f7945e7669baab86ee22ad8c270275 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 72596 8801ff2ad9825a19080b28a179db2a2c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_hppa.deb Size/MD5 checksum: 72274 a963dffdf5a1fc63c7bf77a72c648281 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 70344 8bb71db1240fd4bd184b40f02f1c7e7f http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 67620 9e96f0749268f09040d2f652be153bf9 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 307526 aab501e0974a424c0425940ab626e10a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 66232 f36ccf5b0c2baa706dcadecb903798f3 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 78516 48a3439e5040f4196a90ee12375b4169 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_i386.deb Size/MD5 checksum: 70728 cef82eb0a5c4dbbaa7d9ec7b6f32f64f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 75032 0feeb83f5aa7bed9b4d2360c5a6f8949 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 431260 bf91f89bea8fb52ec2d5f82936dd339f http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 84588 5750453439d8179b6b19d395c2badcb7 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 75120 7a79e798a92e177a0777efab027b2965 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 68738 a2ff868b888959304b0247cc3041fd2e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_ia64.deb Size/MD5 checksum: 70900 b2078fff9fd573f47d518d9c7c25246e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 71286 e8938e2d1f10d15fbd4922df02bab53d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 71130 023737adef682d577aedc0af2e249835 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 313018 5e103d0333acdc2593a4eed7dfbce519 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 78070 074c3f59881fe200ed22dc4d058ab614 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 68284 1ee640d812322c7543fa5bb06e53d0e8 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_mips.deb Size/MD5 checksum: 66868 ed578b54e85963ac73976c06183c1c45 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 70770 07cc5ff5c4138b439fcff9ff4eac68cf http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 69084 2d44c22a09148940548988b3e8c86559 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 81682 1925dbe33db2672e17c81f913f6b0154 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 366542 0be13715b3501ab061949f68c5d23fc1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 74296 cb0e45885b017c2579f322a2aaa9c9bd http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_powerpc.deb Size/MD5 checksum: 73892 5cea3a9b840550f56f0779ad7a2fd571 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 330222 88f47f047aaecb07956f2d3026c3a59b http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 79152 bc3f4103c80fa0e6cf0c6b8dd2469da8 
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 72406 0fe4bb1bba1d9fc7182c6867b6c993da http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 67152 bd416352fdb89e3f75b03606c9537ca4 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 68640 fecb92a43b0e9d0c637044e388f74125 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_s390.deb Size/MD5 checksum: 72002 047561ce9696899949940fec802b2a7b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 71384 67710ff21741d2a70642ae833b087e4a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 306226 eca87ad74cc54ac577bb2578a1fa8a8a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 71274 5664837eddb3450ba7b159c6ec045ec7 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 68330 f9f0527fd7310a29e4ef5a4b50e079cf http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 66744 516ac0bcd498191e7b55aed5653a000c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_sparc.deb Size/MD5 checksum: 78666 8e757df9377c9e69c33525118d5b4eb5

补丁安装方法:

1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
注意:上面的下载链接均为明文HTTP,安装前应先核对文件大小和MD5校验和(例如 # md5sum file.deb)与列表中的数值一致。MD5已不具备抗碰撞性,而且这份列表只有在Debian安全公告原文的PGP签名经过验证后才可信,因此建议优先使用下面的方法2,由apt校验软件仓库的签名元数据。

2. 
使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
升级后可用 # dpkg -s lighttpd 确认已安装的版本不低于 1.4.13-4etch12(etch)或 1.4.19-5+lenny1(lenny),并确认lighttpd服务已经重启,修复才会生效。

LightTPD
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch
(该文件是针对1.4.x源码的补丁,应用后需要重新编译并重启lighttpd;按CVE摘要,1.4.x中受影响的是1.4.26之前的版本,升级到1.4.26或更高版本同样可以修复。1.5.x的对应补丁见下方参考链接。)

id SSV:19062
last seen 2017-11-19
modified 2010-02-04
published 2010-02-04
reporter Root
source https://www.seebug.org/vuldb/ssvid-19062
title lighttpd畸形HTTP请求远程拒绝服务漏洞

bulletinFamily exploit
description No description provided by source.
id SSV:19745
last seen 2017-11-19
modified 2010-06-06
published 2010-06-06
reporter Root
source https://www.seebug.org/vuldb/ssvid-19745
title lighttpd < 1.4.25-r1 Denial of Service
References
- http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
- http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch
- http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
- http://redmine.lighttpd.net/issues/2147
- http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
- http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
- http://secunia.com/advisories/38403
- http://secunia.com/advisories/39765
- http://security.gentoo.org/glsa/glsa-201006-17.xml
- http://www.debian.org/security/2010/dsa-1987
- http://www.openwall.com/lists/oss-security/2010/02/01/8
- http://www.securityfocus.com/bid/38036
- http://www.vupen.com/english/advisories/2011/0172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56038