FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.

The version of fcgi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2012-6687 advisory.

  - FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation     fault and crash) via a large number of connections. (CVE-2012-6687)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It was discovered that there was a remote denial of service in libfcgi-perl, a helper library for implementing the FastCGI web server protocol for Perl.

For Debian 6 Squeeze, this issue has been fixed in libfcgi-perl version 0.71-1+squeeze1+deb6u1.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that there was a remote denial of service in libfcgi, a library for implementing the FastCGI web server protocol.

For Debian 6 Squeeze, this issue has been fixed in libfcgi version 2.4.0-8+deb6u1.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated fcgi packages fix security vulnerability :

FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service (CVE-2012-6687).

ID	Name	Product	Family	Severity
201745	CBL Mariner 2.0 Security Update: fcgi (CVE-2012-6687)	Nessus	MarinerOS Local Security Checks	high
88972	Debian DLA-431-1 : libfcgi-perl security update	Nessus	Debian Local Security Checks	medium
88971	Debian DLA-430-1 : libfcgi security update	Nessus	Debian Local Security Checks	medium
83250	Mandriva Linux Security Advisory : fcgi (MDVSA-2015:226)	Nessus	Mandriva Local Security Checks	medium

Detections

Analytics

CVE-2012-6687

high

Tenable Plugins

high

medium

medium

medium