Vulnerabilities: SuSE thttpd web-server

SuSE advises two vulnerabilities were found in the "tiny" web-server thttpd.

The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. The second bug occurs in the virtual-hosting code of thttpd and allows an attacker to bypass the virtual-hosting mechanism to read arbitrary files.

The vendor has also released an overall update on pending vulnerabilities in SuSE distributions, including updated packages for KDE and libnids.

More information on the thttpd flaws as well as the overall distribution update can be found at: http://www.suse.de/de/security/2003_044_thttpd.html

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about KDESuse

Show Comments