Lighttpd SSL错误拒绝服务漏洞

来源

漏洞详情

贡献者 Knownsec 共获得 0KB

BUGTRAQ ID: 28489 CVE(CAN) ID: CVE-2008-1531 Lighttpd是一款轻型的开放源码Web Server软件包。 lighttpd没有正确地清除OpenSSL错误队列，如果远程攻击者可以触发SSL错误的话，如在下载结束前断开连接，lighttpd就可能断开所有活动的SSL连接。 LightTPD 1.4.19 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1540-2）以及相应补丁: DSA-1540-2：New lighttpd packages fix denial of service 链接：<a href=http://www.debian.org/security/2008/dsa-1540 target=_blank>http://www.debian.org/security/2008/dsa-1540</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz</a> Size/MD5 checksum: 37420 89efdab79fcbac119000a64cab648fcd <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz</a> Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc</a> Size/MD5 checksum: 1098 87a04c4e704dd7921791bc44407b5e0e Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb</a> Size/MD5 checksum: 99618 ae68b64b7c0df0f0b3a9d19b87e7c40a amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 297300 19f5b871d2a9a483e1ecdaa2325c45cb <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 63586 750cf5f5d7671986b195366f2335c9cc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 63884 72ee2b52772010ae7c63a0a2b4761ff5 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 59138 45672a1a3af65311693a3aee58be5566 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 69890 b84d4ea8c9af282e2aeeb5c05847a95a <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb</a> Size/MD5 checksum: 60742 f48ef372b71be1b2683d03b411c7e7cf hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 59896 60a4e61e9b5e2bafbf53474d677b36bb <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 323946 642f46921f99dfdf8e52ed3777847cbc <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 61890 4feb260d9f611c26979872b49b09ebc1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 65000 2ce28ddd20bcd1bf407e14bae053537b <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 72946 33c93c114c3807d63bb18a5a9b3f33b9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb</a> Size/MD5 checksum: 65520 82a4460351af3d4c8b9d84ec831bd006 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 63884 96876134f02cf6b3c5079d5deecca7d9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 59086 f928fd96f37229e72661fa7140a0daa9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 289088 477ce333d4a1b9f506645ff22193191f <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 70932 90cd2be30fb0f0e0ff97820e1b8c19f1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 63690 f5c320e1f272a52ec9354b27f5c36082 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb</a> Size/MD5 checksum: 60846 0f30b9acbc10ec2c648edf19b8e41178 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 67508 8d853ada8818a91fa022e0dd52c19edf <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 63054 22a7de81eb0ec31a95632eb555a888c1 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 77062 04cffb6683e4a3c92f5f48e8d2df5dd8 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 67366 0f9272c16ab8cf4e75129f5a3eaa5d71 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 403358 aefa2c83a3baf3ee9ae8ba1c6629e22e <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb</a> Size/MD5 checksum: 61176 ea0d6334ab0904bddbbe9cf90a72ba9e mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 62658 8799ed08b706281b21814f559f858be9 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 58572 7520f8302f2e0cb1ceed528d01c1aea7 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 62526 c75ac1e607ebcbc95ed03e8adb088dec <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 296088 f05c1b65de0bb165c1fa8ef749c1f60c <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 59960 76b2266c789cad50fae1d751cc2be88c <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb</a> Size/MD5 checksum: 69236 61394a59d58c8f5f5c721a4085fee51e mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 59282 56363403b07fd8bb4ec4628c4607cd8b <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 63368 f8378c36175b9b3f87f038f45cad5e4d <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 70020 e7b073ea24c3de3404f69ad8dbdd43df <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 60762 cdb8770285645d0ea048b02fb866f63a <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 63542 c5a4b5467b6917a7065e1ef6a57fd3a2 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb</a> Size/MD5 checksum: 297260 1d3b8cac9795b18e231e5f99a25d9f3b powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 71762 4465577bc817611ca87c7f21bc0d2642 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 65390 ac39f8d16559e8a4e8bd09a274c58895 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 65114 844e63058ca4968673e652684c37c309 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 323818 11066e5afd416b95a825212056d6d493 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 62462 4eeb054f0838cd87f8ff21b798dd1110 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb</a> Size/MD5 checksum: 60644 0b547baa6b634ee3e606f58a1b503f26 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 307236 828090c5177429f28bdfcdc653aff701 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 64244 df43829d7d3a6cb956444e6c4123af6f <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 59580 f2d8a504078229d6a9c90ca2312736f2 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 61082 c73356530cb3936b5eaf0fa09b941bff <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 71368 15a98ad24b35b3a4461748b31d2408a7 <a href=http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb target=_blank>http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb</a> Size/MD5 checksum: 64632 2e037627c148aaa336465a89f9b6cc99 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200804-08）以及相应补丁: GLSA-200804-08：lighttpd: Multiple vulnerabilities 链接：<a href=http://security.gentoo.org/glsa/glsa-200804-08.xml target=_blank>http://security.gentoo.org/glsa/glsa-200804-08.xml</a> 所有lighttpd用户都应升级到最新版本： # emerge --sync # emerge --ask --oneshot --verbose ">=3Dwww-servers/lighttpd-1.4.19-r=2" LightTPD -------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://trac.lighttpd.net/trac/changeset/2136 target=_blank>http://trac.lighttpd.net/trac/changeset/2136</a> <a href=http://trac.lighttpd.net/trac/changeset/2139 target=_blank>http://trac.lighttpd.net/trac/changeset/2139</a>

BUGTRAQ ID: 28489 CVE(CAN) ID: CVE-2008-1531

Lighttpd是一款轻型的开放源码Web Server软件包。

lighttpd没有正确地清除OpenSSL错误队列，如果远程攻击者可以触发SSL错误的话，如在下载结束前断开连接，lighttpd就可能断开所有活动的SSL连接。

LightTPD 1.4.19 厂商补丁：

Debian

Debian已经为此发布了一个安全公告（DSA-1540-2）以及相应补丁: DSA-1540-2：New lighttpd packages fix denial of service 链接：http://www.debian.org/security/2008/dsa-1540

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz Size/MD5 checksum: 37420 89efdab79fcbac119000a64cab648fcd http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc Size/MD5 checksum: 1098 87a04c4e704dd7921791bc44407b5e0e

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb Size/MD5 checksum: 99618 ae68b64b7c0df0f0b3a9d19b87e7c40a

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 297300 19f5b871d2a9a483e1ecdaa2325c45cb http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 63586 750cf5f5d7671986b195366f2335c9cc http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 63884 72ee2b52772010ae7c63a0a2b4761ff5 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 59138 45672a1a3af65311693a3aee58be5566 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 69890 b84d4ea8c9af282e2aeeb5c05847a95a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb Size/MD5 checksum: 60742 f48ef372b71be1b2683d03b411c7e7cf

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 59896 60a4e61e9b5e2bafbf53474d677b36bb http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 323946 642f46921f99dfdf8e52ed3777847cbc http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 61890 4feb260d9f611c26979872b49b09ebc1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 65000 2ce28ddd20bcd1bf407e14bae053537b http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 72946 33c93c114c3807d63bb18a5a9b3f33b9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb Size/MD5 checksum: 65520 82a4460351af3d4c8b9d84ec831bd006

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb Size/MD5 checksum: 63884 96876134f02cf6b3c5079d5deecca7d9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb Size/MD5 checksum: 59086 f928fd96f37229e72661fa7140a0daa9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb Size/MD5 checksum: 289088 477ce333d4a1b9f506645ff22193191f http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb Size/MD5 checksum: 70932 90cd2be30fb0f0e0ff97820e1b8c19f1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_i386.deb Size/MD5 checksum: 63690 f5c320e1f272a52ec9354b27f5c36082 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_i386.deb Size/MD5 checksum: 60846 0f30b9acbc10ec2c648edf19b8e41178

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 67508 8d853ada8818a91fa022e0dd52c19edf http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 63054 22a7de81eb0ec31a95632eb555a888c1 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 77062 04cffb6683e4a3c92f5f48e8d2df5dd8 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 67366 0f9272c16ab8cf4e75129f5a3eaa5d71 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 403358 aefa2c83a3baf3ee9ae8ba1c6629e22e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_ia64.deb Size/MD5 checksum: 61176 ea0d6334ab0904bddbbe9cf90a72ba9e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mips.deb Size/MD5 checksum: 62658 8799ed08b706281b21814f559f858be9 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mips.deb Size/MD5 checksum: 58572 7520f8302f2e0cb1ceed528d01c1aea7 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mips.deb Size/MD5 checksum: 62526 c75ac1e607ebcbc95ed03e8adb088dec http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mips.deb Size/MD5 checksum: 296088 f05c1b65de0bb165c1fa8ef749c1f60c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mips.deb Size/MD5 checksum: 59960 76b2266c789cad50fae1d751cc2be88c http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mips.deb Size/MD5 checksum: 69236 61394a59d58c8f5f5c721a4085fee51e

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 59282 56363403b07fd8bb4ec4628c4607cd8b http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 63368 f8378c36175b9b3f87f038f45cad5e4d http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 70020 e7b073ea24c3de3404f69ad8dbdd43df http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 60762 cdb8770285645d0ea048b02fb866f63a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 63542 c5a4b5467b6917a7065e1ef6a57fd3a2 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_mipsel.deb Size/MD5 checksum: 297260 1d3b8cac9795b18e231e5f99a25d9f3b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 71762 4465577bc817611ca87c7f21bc0d2642 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 65390 ac39f8d16559e8a4e8bd09a274c58895 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 65114 844e63058ca4968673e652684c37c309 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 323818 11066e5afd416b95a825212056d6d493 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 62462 4eeb054f0838cd87f8ff21b798dd1110 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_powerpc.deb Size/MD5 checksum: 60644 0b547baa6b634ee3e606f58a1b503f26

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_s390.deb Size/MD5 checksum: 307236 828090c5177429f28bdfcdc653aff701 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_s390.deb Size/MD5 checksum: 64244 df43829d7d3a6cb956444e6c4123af6f http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_s390.deb Size/MD5 checksum: 59580 f2d8a504078229d6a9c90ca2312736f2 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_s390.deb Size/MD5 checksum: 61082 c73356530cb3936b5eaf0fa09b941bff http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_s390.deb Size/MD5 checksum: 71368 15a98ad24b35b3a4461748b31d2408a7 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_s390.deb Size/MD5 checksum: 64632 2e037627c148aaa336465a89f9b6cc99

补丁安装方法：

手工安装补丁包：

首先，使用下面的命令来下载补丁软件：

wget url (url是补丁下载链接地址)

然后，使用下面的命令来安装补丁：

dpkg -i file.deb (file是相应的补丁名)
使用apt-get自动安装补丁包：

首先，使用下面的命令更新内部数据库：

apt-get update

然后，使用下面的命令安装更新软件包：

apt-get upgrade

Gentoo

Gentoo已经为此发布了一个安全公告（GLSA-200804-08）以及相应补丁: GLSA-200804-08：lighttpd: Multiple vulnerabilities 链接：http://security.gentoo.org/glsa/glsa-200804-08.xml

所有lighttpd用户都应升级到最新版本：

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=3Dwww-servers/lighttpd-1.4.19-r=2&quot;

LightTPD

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://trac.lighttpd.net/trac/changeset/2136 http://trac.lighttpd.net/trac/changeset/2139

共 0 兑换了

PoC

暂无 PoC

参考链接

解决方案

临时解决方案

无

官方解决方案

升级到最新无漏洞版本

防护方案

无

基本字段

来源

漏洞详情

Debian

wget url (url是补丁下载链接地址)

dpkg -i file.deb (file是相应的补丁名)

apt-get update

apt-get upgrade

Gentoo

LightTPD

PoC

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

Lighttpd SSL错误拒绝服务漏洞

基本字段

来源

漏洞详情

Debian

wget url (url是补丁下载链接地址)

dpkg -i file.deb (file是相应的补丁名)

apt-get update

apt-get upgrade

Gentoo

LightTPD

PoC

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定