Bugtraq mailing list archives
thttpd 2.04 released (fwd)
From: marcs () ZNEP COM (Marc Slemko)
Date: Wed, 19 Aug 1998 17:27:00 -0700
FYI, anyone using thttpd should take note of the below and ensure they aren't vulnerable. The exploit is obvious from the fix so I won't belabour the point.

---------- Forwarded message ----------
Date: Mon, 10 Aug 1998 19:24:57 -0700
From: Jef Poskanzer <jef () acme com>
To: thttpd () acme com
Cc: Marc Slemko <marcs () znep com>
Subject: thttpd 2.04 released

Marc Slemko discovered a fairly serious security problem in thttpd. If you're not running chrooted, an attacker can use this bug to read files outside of your document tree, for instance /etc/passwd. Obviously this warrants an immediate patch release.

If you are running thttpd chrooted (i.e. you start it as root), then you are safe from this bug. Better install the fix anyway though.

New in version 2.04:
- The simple mmap cache added in version 2.01 is now more aggressive, improving performance when a small set of files gets fetched a whole lot.
- Fixed bug in filename translation.

Tarchive available as usual at http://www.acme.com/software/thttpd/

If all you want is the bug fix, a patch for just that is appended.
---
Jef

Jef Poskanzer jef () acme com http://www.acme.com/jef/

*** /tmp/,RCSt101alaP Mon Aug 10 19:09:49 1998 --- libhttpd.c Mon Aug 10 19:09:31 1998 *************** *** 975,980 **** --- 975,986 ---- (void) strcpy( rest, path ); if ( rest[restlen - 1] == '/' ) rest[--restlen] = '\0'; /* trim trailing slash */ + /* Remove any leading slashes. */ + while ( rest[0] == '/' ) + { + (void) strcpy( rest, &(rest[1]) ); + --restlen; + } r = rest; nlinks = 0;
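Review bot: the added loop calls strcpy( rest, &(rest[1]) ) with overlapping source and destination, which the C standard leaves undefined for strcpy, so the result depends on how the platform's libc copies. Count the leading slashes once and shift the remainder with a single memmove (including the terminating NUL), then subtract that count from restlen; this also avoids re-copying the whole string for every extra slash in a request with a long run of them. The new comment says what the loop does but not why: a sentence noting that a leading slash makes the translated name absolute, and so lets it resolve outside the document tree when the server is not chrooted, would keep a later cleanup from removing the check. Separately, the unchanged context line above the addition reads rest[restlen - 1] without a guard; if path can be empty at this point, that is a read before the start of the buffer and deserves a restlen > 0 test.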