Posted: Mon Jun 25, 2012 12:26 am Post subject: [ GLSA 201206-27 ] mini_httpd: Arbitrary code execution
Gentoo Linux Security Advisory
Title: mini_httpd: Arbitrary code execution (GLSA 201206-27)
Date: June 24, 2012
A vulnerability in mini_httpd could allow remote attackers to
execute arbitrary code.
mini_httpd is a small webserver with optional SSL and IPv6 support.
Vulnerable: > 1.19 <= 1.19
Architectures: All supported architectures
mini_httpd does not properly check for shell escapes when parsing HTTP
A remote attacker could send specially crafted HTTP requests, possibly
resulting in execution of arbitrary code with the privileges of the
process, or allowing for overwriting of files.
There is no known workaround at this time.
Gentoo discontinued support for mini_httpd. We recommend that users
# emerge --unmerge "www-servers/mini_httpd"