Computer Security
[EN] no-pyccku

lighthttpd symbolic links vulnerabilities
SecurityVulns ID:12957
Threat Level:
Description:Unix socket with fixed name is created in world-writable directory.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2649-1] lighttpd security update (19.03.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod