Lighttpd <= 1.4.17 FastCGI Header Overflow Remote Exploit
LighttpdのFastCGIについてリモートから実行可能な、脆弱性のExploitが出ています。
/*********************************************************** * hoagie_lighttpd.c * LIGHTTPD/FASTCGI REMOTE EXPLOIT (<= 1.4.17) * * Bug discovered by: * Mattias Bengtsson <mattias@secweb.se> * Philip Olausson <po@secweb.se> * http://www.secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ * * FastCGI: * http://www.fastcgi.com/devkit/doc/fcgi-spec.html * * THIS FILE IS FOR STUDYING PURPOSES ONLY AND A PROOF-OF- * CONCEPT. THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY * DAMAGE DONE USING THIS PROGRAM. * * VOID.AT Security * andi@void.at * http://www.void.at * ************************************************************/