SB2016071407 - Buffer overflow when processing HTTP requests in mini_httpd (Alpine package)
Published: July 14, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow when processing HTTP requests (CVE-ID: CVE-2015-1548)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper handling of long string passed via HTTP request. A remote attacker can send a specially crafted HTTP GET request with protocol name longer than 10000 bytes, cause out-of-bounds read and obtain potentially sensitive information from system memory.
Exploitation example:
perl -e 'print "GET / " . "X"x65536 . "/Y" . "\r\n\r\n"' | ncat localhost 80
Successful exploitation of this vulnerability may allow an attacker to obtain potentially sensitive data stored in RAM, such as passwords, private encryption keys etc.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=46cc566b714b3b7bd23a8776ec7d62b5119d84b9
- https://git.alpinelinux.org/aports/commit/?id=aebd71a3ff4785df943cde74514da329feb099a9
- https://git.alpinelinux.org/aports/commit/?id=d3608fd1861a2ef47b467b4d174db3672de7d422
- https://git.alpinelinux.org/aports/commit/?id=68c019d5d997f18914a2b919d4511234d240d0f3
- https://git.alpinelinux.org/aports/commit/?id=cb82a51fa4b1179b5ef61e71a41b377fbd3bef83