FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- DOS when access files with mtime 0

Affected packages
lighttpd < 1.4.15

Details

VuXML ID 5678da43-ea99-11db-a802-000fea2763ce
Discovery 2007-01-14
Entry 2007-04-14

Lighttpd SA:

Lighttpd caches the rendered string for mtime. The cache key has as a default value 0. At that point the pointer to the string is still NULL. If a file with an mtime of 0 is requested, it tries to access the pointer and crashes.

The bug requires that a malicious user can either upload files or manipulate the mtime of the files.

The bug was reported by cubiq and fixed by Marcus Rueckert.
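The failure mode the advisory describes, as an added illustration that is not lighttpd's code and not the project's fix: a constructed cache whose empty slots carry the default key 0 and a NULL string pointer, with a key-only lookup beside one that also checks the pointer. All names (`mtime_entry`, `mtime_str_flawed`, `mtime_str_checked`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS 4

/* Hypothetical cache entry: rendered date string keyed by mtime. */
struct mtime_entry {
    time_t mtime;   /* cache key; zero-initialised, so the default is 0 */
    char *str;      /* rendered string; NULL until the slot is filled */
    char buf[32];
};

static struct mtime_entry cache[SLOTS];   /* static storage: all zero/NULL */

/* Render mtime into a slot and mark it as filled. */
static const char *fill(struct mtime_entry *e, time_t mtime) {
    strftime(e->buf, sizeof e->buf, "%a, %d %b %Y %H:%M:%S GMT", gmtime(&mtime));
    e->mtime = mtime;
    e->str = e->buf;
    return e->str;
}

/* Flawed: a key match alone counts as a hit, so an unused slot (key 0,
 * str NULL) "hits" for a file with mtime 0 and NULL is returned. */
const char *mtime_str_flawed(time_t mtime) {
    for (int i = 0; i < SLOTS; i++)
        if (cache[i].mtime == mtime)
            return cache[i].str;
    return fill(&cache[0], mtime);
}

/* Checked: a slot is valid only once its string pointer is set. */
const char *mtime_str_checked(time_t mtime) {
    int target = 0;   /* overwrite slot 0 if nothing is free */
    for (int i = 0; i < SLOTS; i++) {
        if (cache[i].str == NULL) { target = i; continue; }
        if (cache[i].mtime == mtime) return cache[i].str;
    }
    return fill(&cache[target], mtime);
}

int main(void) {
    const char *s = mtime_str_flawed(0);
    printf("flawed:  %s\n", s ? s : "(NULL, a caller dereferencing it crashes)");
    printf("checked: %s\n", mtime_str_checked(0));
    return 0;
}
```

The general point is that a sentinel key that is also a legal input value cannot mark a slot as empty; validity has to be tracked separately from the key.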

References

CVE Name CVE-2007-1870
URL http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt