Launchpad.net

CVE 2008-0983

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Related bugs and status

CVE-2008-0983 (Candidate) is related to these bugs:

Bug #200987: CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable

		In	Importance	Status
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu)	Medium	Fix Released
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu Dapper)	Medium	Fix Released
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu Edgy)	Medium	Fix Released
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu Feisty)	Medium	Fix Released
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu Gutsy)	Medium	Fix Released
200987	CVE-2008-1270 when mod_userdir is loaded but not configured, the server's whole disk becomes remotely readable	lighttpd (Ubuntu Hardy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://trac.lighttpd.n...
BID: 27943
SECUNIA: 29066
CONFIRM: https://issues.rpath.c...
SECUNIA: 29166
CONFIRM: http://wiki.rpath.com/...
FEDORA: FEDORA-2008-2262
FEDORA: FEDORA-2008-2278
GENTOO: GLSA-200803-10
SECUNIA: 29209
SECUNIA: 29268
SUSE: SUSE-SR:2008:008
SECUNIA: 29622
DEBIAN: DSA-1609
SECUNIA: 31104
VUPEN: ADV-2008-0659
BUGTRAQ: 20080228 rPSA-2008-008...