正文

thttpd tdate_parse()堆溢出漏洞

admin
admin V管理员 /0 评论 /12 阅读
1230
此篇文章发布距今已超过1239天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

thttpd tdate_parse()堆溢出漏洞

  • CNNVD编号:CNNVD-200010-006
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2000-0359
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2000-10-20
  • 威胁类型: 远程
  • 更新时间: 2006-08-03
  • 厂        商: acme_labs
  • 漏洞来源: ');">Posted to BugTraq ...

漏洞简介

Trivial HTTP (THTTPd)存在缓冲区溢出漏洞。远程攻击者借助超长If-Modified-Since头导致服务拒绝或者执行任意命令。

漏洞公告

Upgrade to version 2.0.5 or later. S.u.S.E. has released upgrade RPMs for thttpd, which shipped as an optional package with S.u.S.E. Linux 6.2/6.3. Acme thttpd 2.0.4

  • S.u.S.E. 6.2 thttpd-2.04-31.i386.rpmFor S.u.S.E. Linux 6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/thttpd-2.04-31.i386.rpm
  • S.u.S.E. 6.3 thttpd-2.04-31.i386.rpmFor S.u.S.E. Linux 6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/thttpd-2.04-31.i386.rpm

参考网址

来源: BID 名称: 1248 链接:http://www.securityfocus.com/bid/1248 来源: SUSE 名称: 19991116 Security hole in thttpd 1.90a - 2.04 链接:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html 来源: BUGTRAQ 名称: 19991113 thttpd 2.04 stack overflow (VD#6) 链接:http://archives.neohapsis.com/archives/bugtraq/1626.html

受影响实体

  • Acme_labs Thttpd:1.90a  
    <!--
    2000-1-1
    -->
  • Acme_labs Thttpd:1.95  
    <!--
    2000-1-1
    -->
  • Acme_labs Thttpd:2.0  
    <!--
    2000-1-1
    -->
  • Acme_labs Thttpd:2.0.1  
    <!--
    2000-1-1
    -->
  • Acme_labs Thttpd:2.0.2  
    <!--
    2000-1-1
    -->

补丁

    暂无