thr3ads.net - Secure testing team - [Secure-testing-team] Bug#601585: weborf: DoS on malformed requests [Oct 2010]

If this information is useful, please help other people find it:
Share via:

Salvo Tomaselli

2010-Oct-27 14:05 UTC

[Secure-testing-team] Bug#601585: weborf: DoS on malformed requests

Package: weborf
Version: 0.12.3-1
Severity: grave
Tags: security upstream
Justification: user security hole

Example of exploit here:

https://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.4



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, ''unstable''), (500,
''experimental''), (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35.7-calipso (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages weborf depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib

weborf recommends no packages.

Versions of packages weborf suggests:
ii  php5-cgi                      5.3.3-2    server-side, HTML-embedded scripti

-- no debconf information

Secure testing team - Oct 2010 - Bug#601585: weborf: DoS on malformed requests

[Secure-testing-team] Bug#601585: weborf: DoS on malformed requests