Bug 47792 (CVE-2003-0899)

Summary: VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal
Product: [Novell Products] SUSE Security Incidents Reporter: Dirk Mueller <dmueller>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dirk Mueller 2003-10-30 03:29:34 UTC
Two unpatched vulnerabilities exist in thttpd:  
 
http://marc.theaimsgroup.com/?l=thttpd&m=103609565110472&w=2 
http://marc.theaimsgroup.com/?l=thttpd&m=106736210902803&w=2 
 
the CVE's are CAN-2002-1562 and CAN-2003-0899 
 
both are fixed in the 2.24 release.
Comment 1 Thomas Biege 2003-10-30 15:27:07 UTC
update packages approved. 
Comment 2 Thomas Biege 2009-10-13 19:41:24 UTC
CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)