CVE-2007-3950

Name of the Vulnerable Software and Affected Versions: lighttpd versions 1.4.15 and prior

Description: The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the mod scgi, mod fastcgi, and mod webdav modules. Additionally, multiple remote vulnerabilities exist, including errors in processing HTTP headers, mod auth, and parsing Auth-Digest headers, which can be exploited to cause a denial of service. An error in the mechanism that limits the number of active connections can also be exploited to cause a denial of service. Furthermore, an error in processing HTTP requests can be exploited to access restricted files by adding a "/" to a URL. An error in mod scgi can be exploited to cause a denial of service by sending a SCGI request and closing the connection while lighttpd processes the request. The return value of "base64 decode" in mod auth was not checked properly when parsing the credentials for basic authentication, which could lead to accessing uninitialized memory. An error in the header parsing code can lead to access of memory outside of the original boundaries and can cause a memory corruption.

Recommendations: For lighttpd versions 1.4.15 and prior, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the mod scgi, mod fastcgi, and mod webdav modules until a patch is available. Avoid using the "MD5-sess" algorithm in mod auth without a cnonce to prevent potential denial of service attacks. Restrict access to the Auth-Digest headers in mod auth to minimize the risk of exploitation. Limit the number of active connections to prevent denial of service attacks. Avoid adding a "/" to URLs to prevent accessing restricted files. Restrict access to the mod scgi module to prevent denial of service attacks by sending SCGI requests and closing the connection while lighttpd processes the request. Check the return value of "base64 decode" in mod auth to prevent accessing uninitialized memory. Fix the error in the header parsing code to prevent memory corruption.