25 February 2008, 16:39
DoS vulnerability in the lighttpd web server
A bug in the current version of the popular lighttpd open source lean web server can be used to remotely crash it. The vulnerability is due to a computation error when creating the global file descriptor array. This results in a memory error that crashes the server under heavy loads.
The bug has been confirmed in both the stable version 1.4.18, and the developer version 1.5. Previous versions after 1.4.8 are affected, since it introduced in that version, according to the bug comments. The error has already been remedied in the project's subversion repository. source code patches are also available for download. However, there is no official update yet.
See also:
- sigsegv @ fdevent_get_handler - when congestion occurs, and file descriptor arrays is full, Entry in lighttpd error database
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-734335
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
