CVE-2008-1270
published 2008-03-10CVE-2008-1270: mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files…
PriorityP434medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
11.90%
95.6th percentile
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lighttpd | < lighttpd 1.4.19-1 (bookworm) | lighttpd 1.4.19-1 (bookworm) |
| lighttpd | lighttpd | <= 1.4.18 | — |
| lighttpd | lighttpd | >= 0 < 1.4.19-1 | 1.4.19-1 |
| lighttpd | lighttpd | >= 0 < 1.4.19-1 | 1.4.19-1 |
| lighttpd | lighttpd | >= 0 < 1.4.19-1 | 1.4.19-1 |
| lighttpd | lighttpd | >= 0 < 1.4.19-1 | 1.4.19-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r872-9mqq-9xpp: mod_userdir in lighttpd 1
ghsa_unreviewed·2022-05-01
CVE-2008-1270 [MEDIUM] CWE-200 GHSA-r872-9mqq-9xpp: mod_userdir in lighttpd 1
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
OSV
CVE-2008-1270: mod_userdir in lighttpd 1
osv·2008-03-10·CVSS 5.0
CVE-2008-1270 [MEDIUM] CVE-2008-1270: mod_userdir in lighttpd 1
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Red Hat
rkhunter: Insecure auxiliary /tmp file usage (symlink attack possible)
vendor_redhat·2008-08-24·CVSS 2.1
CVE-2008-4982 [LOW] rkhunter: Insecure auxiliary /tmp file usage (symlink attack possible)
rkhunter: Insecure auxiliary /tmp file usage (symlink attack possible)
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.
Debian
CVE-2008-1270: lighttpd - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a...
vendor_debian·2008·CVSS 5.0
CVE-2008-1270 [MEDIUM] CVE-2008-1270: lighttpd - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a...
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Scope: local
bookworm: resolved (fixed in 1.4.19-1)
bullseye: resolved (fixed in 1.4.19-1)
forky: resolved (fixed in 1.4.19-1)
sid: resolved (fixed in 1.4.19-1)
trixie: resolved (fixed in 1.4.19-1)
Red Hat
lighttpd considers empty directory string to be CWD
vendor_redhat·CVSS 5.0
CVE-2008-1270 [MEDIUM] lighttpd considers empty directory string to be CWD
lighttpd considers empty directory string to be CWD
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Red Hat
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
vendor_redhat·CVSS 5.0
CVE-2008-6680 [MEDIUM] clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
Red Hat
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
vendor_redhat·CVSS 5.0
CVE-2009-1270 [MEDIUM] clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
Red Hat
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
vendor_redhat·CVSS 5.0
CVE-2009-1241 [MEDIUM] clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
No detection rules found.
Bugzilla
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
bugzilla·2009-04-09·CVSS 5.0
CVE-2008-6680 [MEDIUM] clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
Upstream clamav version 0.95 fixes few security issues:
CVE-2008-6680:
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
divide-by-zero error.
Upstream bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335
Upstream fix:
svn diff -c 4980 http://svn.clamav.net/svn/clamav-devel/
CVE-2009-1270:
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang.
Upstream bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
Upstream fix:
svn diff -c 4981 http://svn.clamav.net/svn/clamav-devel/
Discussion:
For the
Bugzilla
CVE-2008-1270 lighttpd considers empty directory string to be CWD
bugzilla·2008-03-11·CVSS 5.0
CVE-2008-1270 [MEDIUM] CVE-2008-1270 lighttpd considers empty directory string to be CWD
CVE-2008-1270 lighttpd considers empty directory string to be CWD
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1270 to the following vulnerability:
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
References:
http://trac.lighttpd.net/trac/ticket/1587
https://bugs.gentoo.org/show_bug.cgi?id=212930
https://issues.rpath.com/browse/RPL-2344
Discussion:
Fedora Project does not consider this a security vulnerability.
This needs user voluntarily do a senseless and unlike configuration change with
a well-documented and expectable effect. We will not issue a security update for
this, but will follow upstream
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.htmlhttp://secunia.com/advisories/29318http://secunia.com/advisories/29403http://secunia.com/advisories/29622http://secunia.com/advisories/29636http://security.gentoo.org/glsa/glsa-200804-08.xmlhttp://trac.lighttpd.net/trac/ticket/1587http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106http://www.debian.org/security/2008/dsa-1521http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germanyhttp://www.lighttpd.net/security/lighttpd_sa_2008_03.txthttp://www.securityfocus.com/archive/1/489465/100/0/threadedhttp://www.securityfocus.com/bid/28226http://www.vupen.com/english/advisories/2008/0885/referenceshttps://bugs.gentoo.org/show_bug.cgi?id=212930https://exchange.xforce.ibmcloud.com/vulnerabilities/41173https://issues.rpath.com/browse/RPL-2344http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.htmlhttp://secunia.com/advisories/29318http://secunia.com/advisories/29403http://secunia.com/advisories/29622http://secunia.com/advisories/29636http://security.gentoo.org/glsa/glsa-200804-08.xmlhttp://trac.lighttpd.net/trac/ticket/1587http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106http://www.debian.org/security/2008/dsa-1521http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germanyhttp://www.lighttpd.net/security/lighttpd_sa_2008_03.txthttp://www.securityfocus.com/archive/1/489465/100/0/threadedhttp://www.securityfocus.com/bid/28226http://www.vupen.com/english/advisories/2008/0885/referenceshttps://bugs.gentoo.org/show_bug.cgi?id=212930https://exchange.xforce.ibmcloud.com/vulnerabilities/41173https://issues.rpath.com/browse/RPL-2344
2008-03-10
Published