Boletines de Vulnerabilidades

int(4533)

Boletines de Vulnerabilidades

Denegación de servicio en Yaws
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Denegación de Servicio
Dificultad	Principiante
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio estandar
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	Yaws < 1.80
Descripción
Se ha descubierto una vulnerabilidad en Yaws 1.5 y 1.7. Un atacante remoto podría causar una denegación de servicio mediante una petición con un gran número de cabeceras. Exploit público disponible.
Solución
Actualización de software Debian (DSA-1740-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1.diff.gz http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1.dsc http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65.orig.tar.gz alpha (DEC Alpha) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_amd64.deb arm (ARM) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_arm.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_sparc.deb Debian (DSA-1740-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77.orig.tar.gz http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1.dsc http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1.diff.gz independent packages: http://security.debian.org/pool/updates/main/y/yaws/yaws-wiki_1.77-3+lenny1_all.deb http://security.debian.org/pool/updates/main/y/yaws/yaws-chat_1.77-3+lenny1_all.deb http://security.debian.org/pool/updates/main/y/yaws/yaws-mail_1.77-3+lenny1_all.deb http://security.debian.org/pool/updates/main/y/yaws/yaws-yapp_1.77-3+lenny1_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_amd64.deb arm (ARM) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_arm.deb armel (ARM EABI) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_armel.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_sparc.deb
Identificadores estándar
Propiedad	Valor
CVE	CVE-2009-0751
BID	33834
Recursos adicionales
Debian Security Advisory (DSA-1740-1) http://lists.debian.org/debian-security-announce/2009/msg00050.html