FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability

Affected packages
lighttpd < 1.4.19_1

Details

VuXML ID 1ac77649-0908-11dd-974d-000fea2763ce
Discovery 2008-04-02
Entry 2008-04-13

Secunia reports:

A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.
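
The failure mode in the report above, as an added example: a simplified C model written for this entry, not lighttpd or OpenSSL code. OpenSSL keeps one error queue per thread and `SSL_get_error()` consults it, so an entry left behind by one connection is attributed to the next connection whose I/O call does not complete. All names in the block are hypothetical; `err_clear()` plays the role of `ERR_clear_error()`.

```c
/* Simplified model, not OpenSSL or lighttpd code: one error queue per thread,
 * shared by every connection that thread serves. All names are hypothetical. */
#include <stdio.h>

enum { IO_OK, IO_WANT_READ, IO_FATAL };          /* model of SSL_get_error() results */
struct conn { int open; };

static unsigned long err_queue[8];               /* stands in for the per-thread queue */
static int err_count;

static void err_put(unsigned long code) { if (err_count < 8) err_queue[err_count++] = code; }
static void err_clear(void) { err_count = 0; }   /* role of ERR_clear_error() */

/* Like SSL_get_error(): a non-empty queue after an incomplete call is reported
 * as a fatal library error, whichever connection queued the entry. */
static int model_get_error(int ret, int peer_reset) {
    if (ret > 0) return IO_OK;
    if (peer_reset) err_put(0x1UL);              /* constructed error code */
    return err_count > 0 ? IO_FATAL : IO_WANT_READ;
}

/* One read event. ret <= 0 means the read did not complete. */
static void on_readable(struct conn *c, int ret, int peer_reset, int clear_first) {
    if (clear_first) err_clear();                /* mitigation: empty queue before I/O */
    if (model_get_error(ret, peer_reset) == IO_FATAL) c->open = 0;
}

/* Client A breaks its connection, then healthy client B has a read that would
 * merely block. Returns 1 if B is still open afterwards. */
static int b_survives(int clear_first) {
    struct conn a = {1}, b = {1};
    err_clear();
    on_readable(&a, -1, 1, clear_first);         /* A: genuine failure, error queued */
    on_readable(&b, -1, 0, clear_first);         /* B: only needs more data */
    return b.open;
}

int main(void) {
    printf("queue never cleared: B open = %d\n", b_survives(0));
    printf("cleared before I/O:  B open = %d\n", b_survives(1));
    return 0;
}
```

The OpenSSL documentation for `SSL_get_error()` states that the current thread's error queue must be empty before the TLS/SSL I/O operation is attempted; the second run models a server that meets that requirement.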

References

Bugtraq ID 28489
CVE Name CVE-2008-1531
URL http://secunia.com/advisories/29649
URL http://trac.lighttpd.net/trac/ticket/285