PublicDate: 2008-02-26 18:44:00 UTC
Candidate: CVE-2008-0983
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
Description:
 lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
 properly calculate the size of a file descriptor array, which allows remote
 attackers to cause a denial of service (crash) via a large number of
 connections, which triggers an out-of-bounds access.
Ubuntu-Description:
Notes:
 jdstrand> per emgent, this is fixed with 90_maxfds_crash_fix
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
 https://bugs.launchpad.net/ubuntu/+bug/195380
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_lighttpd:
upstream_lighttpd: needed
dapper_lighttpd: released (1.4.11-3ubuntu3.6)
edgy_lighttpd: released (1.4.13~r1370-1ubuntu1.4)
feisty_lighttpd: released (1.4.13-9ubuntu4.3)
gutsy_lighttpd: released (1.4.18-1ubuntu1.1)
devel_lighttpd: released (1.4.18-1ubuntu3)