openSUSE Security Update : lighttpd (openSUSE-SU-2014:0449-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

lighttpd was updated to version 1.4.35, fixing bugs and security
issues :

CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in
lighttpd allowed remote attackers to execute arbitrary SQL commands
via the host name, related to request_check_hostname.

CVE-2014-2323: Multiple directory traversal vulnerabilities in (1)
mod_evhost and (2) mod_simple_vhost in lighttpd allowed remote
attackers to read arbitrary files via a .. (dot dot) in the host name,
related to request_check_hostname.

More information can be found on the lighttpd advisory page:
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

Other changes :

- [network/ssl] fix build error if TLSEXT is disabled

- [mod_fastcgi] fix use after free (only triggered if
fastcgi debug is active)

- [mod_rrdtool] fix invalid read (string not null
terminated)

- [mod_dirlisting] fix memory leak if pcre fails

- [mod_fastcgi,mod_scgi] fix resource leaks on spawning
backends

- [mod_magnet] fix memory leak

- add comments for switch fall throughs

- remove logical dead code

- [buffer] fix length check in buffer_is_equal_right_len

- fix resource leaks in error cases on config parsing and
other initializations

- add force_assert() to enforce assertions as simple
assert()s are disabled by -DNDEBUG (fixes #2546)

- [mod_cml_lua] fix NULL pointer dereference

- force assertion: setting FD_CLOEXEC must work (if
available)

- [network] check return value of lseek()

- fix unchecked return values from
stream_open/stat_cache_get_entry

- [mod_webdav] fix logic error in handling file creation
error

- check length of unix domain socket filenames

- fix SQL injection / host name validation (thx Jann Horn)
for all the changes see
/usr/share/doc/packages/lighttpd/NEWS

See also :

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
http://lists.opensuse.org/opensuse-updates/2014-03/msg00094.html
https://bugzilla.novell.com/show_bug.cgi?id=867350

Solution :

Update the affected lighttpd packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75308 ()

Bugtraq ID: 66153
66157

CVE ID: CVE-2014-2323
CVE-2014-2324

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now