GLSA-201206-27 : mini_httpd: Arbitrary code execution
Medium Nessus Plugin ID 59680
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201206-27 (mini_httpd: Arbitrary code execution)
mini_httpd does not properly check for shell escapes when parsing HTTP requests.
A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the privileges of the process, or allowing for overwriting of files.
There is no known workaround at this time.
Solution
Gentoo discontinued support for mini_httpd. We recommend that users unmerge mini_httpd:
# emerge --unmerge 'www-servers/mini_httpd'