Computer Security


lighttpd symbolic links vulnerabilities
Published: 19.03.2013
Source:
SecurityVulns ID: 12957
Type: local
Threat Level: 5/10
Description: A Unix socket with a fixed name is created in a world-writable directory.
Affected: LIGHTTPD : lighttpd 1.4
CVE: CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.)
Original document: DEBIAN, [SECURITY] [DSA 2649-1] lighttpd security update (19.03.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod