504824 : vulnerable thttpd version: 2.25b

Risk 4 : Web Services

A remote attacker could gain unauthorized read access or execute arbitrary commands.

thttpd is a Unix web server designed to be small, simple, fast, and secure.

thttpd supports virtual hosts, a web server configuration that allows multiple web sites to be hosted on the same server.

mini_httpd is another Unix web server by the same developers as thttpd. It was developed mainly for experimentation.

Also note that FREESCO routing software embeds a thttpd server.

Terminal Escape Sequence in Logs Command Injection Vulnerability

01/26/10 CVE 2009-4491 Acme thttpd 2.25b and prior are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal.

htpasswd Local Privilege Elevation

03/16/06 CVE 2006-1078 CVE 2006-1079 htpasswd, as used in thttpd, has several local privilege elevation vulnerabilities, including those caused by shell metacharacters, overly long command line arguments, and an overly long line in a file. Versions of thttpd up to and including 2.25b are vulnerable.

CGI example Cross-Site Scripting

02/09/04 CVE 2004-2102 The example CGI script is vulnerable to cross-site scripting via the test parameter. A cross-site scripting vulnerability could be exploited by a malicious web site to trick an unsuspecting user into executing arbitrary commands on his or her own computer. One possible outcome would be for the attacker to steal cookies from the user's web browser, which often contain authentication data that could be used to gain unauthorized access to web applications. It is reported that thttpd 2.05 is vulnerable but other versions are likely to be vulnerable.

defang Buffer Overflow

11/04/03 CVE 2003-0899 thttpd versions prior to 2.24 contain a remotely exploitable buffer overflow in the defang() function in libhttpd.c that allows execution of arbitrary code on the vulnerable host. The vulnerability can be exploited by sending a request that contains "<" or ">" characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
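The bounds check whose absence the defang() entry above describes, as an added example that is not thttpd's code or its actual fix. The names safe_defang and append, the signature, and the fail-closed behaviour are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not thttpd source. Each '<' or '>' grows from 1 byte to 4,
 * so the output can be up to four times the input length. */
/* Copy n bytes into dst at *used, only if they fit along with a final NUL. */
static int append(char *dst, size_t size, size_t *used, const char *src, size_t n)
{
    if (n >= size - *used)      /* need room for n bytes plus the NUL */
        return -1;
    memcpy(dst + *used, src, n);
    *used += n;
    return 0;
}

/* Escape '<' and '>' from in into out (out_size bytes). Returns the length
 * written, or -1 with out set to "" when the escaped text does not fit. */
long safe_defang(const char *in, char *out, size_t out_size)
{
    size_t used = 0;
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        int rc;
        if (*in == '<')
            rc = append(out, out_size, &used, "&lt;", 4);
        else if (*in == '>')
            rc = append(out, out_size, &used, "&gt;", 4);
        else
            rc = append(out, out_size, &used, in, 1);
        if (rc != 0) {
            out[0] = '\0';      /* fail closed: no truncated entity is returned */
            return -1;
        }
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    char page[32];              /* constructed sample input below */
    long n = safe_defang("GET /<b>x</b>", page, sizeof page);
    printf("%ld %s\n", n, page);
    return 0;
}
```

A caller that sizes the output buffer from the input length alone gets -1 here instead of a write past the end of the buffer.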

Virtual Host Directory Traversal

05/07/03 CVE 2002-1562 If virtual hosting is enabled, a remote attacker could view files outside of the web root directory by supplying an HTTP Host: header containing slash-dot-dot (/..) sequences. If thttpd is run with chroot, an attack would be limited to the top of the chroot tree. Otherwise, the attacker could view any file on the entire disk.

Buffer Overflows in Date Parsing

CVE 1999-1457 CVE 2000-0359 thttpd versions prior to 2.05 are affected by a buffer overflow in the tdate_parse function. A remote attacker could execute arbitrary commands by including a long, specially crafted value in the If-Modified-Since: header within an HTTP request.

Permissions Bypass on Protected Files

CVE 2001-0892 When the chroot option is enabled, thttpd does not properly handle requests for protected files. By appending a trailing slash to a request, a remote attacker could view files which should not be readable, such as files in password protected directories. thttpd versions prior to 2.22 are vulnerable.

The Terminal Escape Sequence in Logs Command Injection vulnerability was reported in Bugtraq ID 37714 (http://www.securityfocus.com/bid/37714).

The htpasswd privilege elevation vulnerability was reported in Bugtraq ID 16972 (http://www.securityfocus.com/bid/16972).

The cross-site scripting vulnerability was reported in Bugtraq ID 9474 (http://www.securityfocus.com/bid/9474/).

For information about the defang buffer overflow vulnerability, see Texonet Security Advisory 20030908 (http://www.securityfocus.com/archive/1/342584).

The directory traversal vulnerability in virtual hosting was posted to the thttpd users list (http://marc.theaimsgroup.com/?l=thttpd&m=103609565110472&w=2).

The buffer overflow in date parsing was posted to Bugtraq archive 342584 (http://www.securityfocus.com/archive/1/34635).

The permissions bypass vulnerability was posted to Bugtraq archive 239964 (http://www.securityfocus.com/archive/1/239964).

Solution:

Upgrade to the latest version of thttpd (http://www.acme.com/software/thttpd/), mini_httpd (http://www.acme.com/software/mini_httpd/), or FREESCO (http://freesco.sourceforge.net/).

To remove the cross-site scripting vulnerability, remove the example CGI script.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Corporation : 2010-04-15