SB2015031104 - Input validation error in fcgi (Alpine package)
Published: March 11, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2012-6687)
The vulnerability allows a remote non-authenticated attacker to cause a denial of service.
FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e3cc6f649ff9d9a8e2dda94379dd15e2d76ba0ee
- https://git.alpinelinux.org/aports/commit/?id=919a7023941a246c06457d0912bf7748a8b19b06
- https://git.alpinelinux.org/aports/commit/?id=c4fb066a5a98091eb00a1c883bd3f62e67251213
- https://git.alpinelinux.org/aports/commit/?id=f5ea0fe91cddfad3fcdeb1d263a2ad695f1074ca
- https://git.alpinelinux.org/aports/commit/?id=6e6f21e2c6fb0bdf0a45a0b6922f9beb5552d645
- https://git.alpinelinux.org/aports/commit/?id=90b4fe010d23ae6e3cef853a6fd39d4e1596546d