Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Bugtraq ID: 37714
Class: Input Validation Error
CVE: CVE-2009-4490, CVE-2009-4491
Remote: Yes
Local: No
Published: Jan 11 2010 12:00AM
Updated: Jun 25 2012 07:50AM
Credit: Giovanni 'evilaliv3' Pellerano, Alessandro 'jekil' Tanasi, and Francesco 'ascii' Ongaro
Vulnerable: Gentoo Linux
Acme thttpd 2.24
Acme thttpd 2.23 b1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
Acme thttpd 2.22
Acme thttpd 2.21 b
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Acme thttpd 2.21
Acme thttpd 2.20 c
+ Conectiva Linux 9.0
+ S.u.S.E. Linux 8.0
Acme thttpd 2.20 b
+ S.u.S.E. Linux 7.3
Acme thttpd 2.20
Acme thttpd 2.19
Acme thttpd 2.18
Acme thttpd 2.17
Acme thttpd 2.16
Acme thttpd 2.15
- S.u.S.E. Linux 6.4
Acme thttpd 2.14
Acme thttpd 2.13
Acme thttpd 2.12
Acme thttpd 2.11
Acme thttpd 2.10
Acme thttpd 2.0.9
Acme thttpd 2.0.8
Acme thttpd 2.0.7 beta 0.4
Acme thttpd 2.0.7
Acme thttpd 2.0.6
Acme thttpd 2.0.5
+ FREESCO FREESCO 0.3.2
+ FREESCO FREESCO 0.3.1
+ FREESCO FREESCO 0.3 .0
+ FREESCO FREESCO 0.2.7
Acme thttpd 2.0.4
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.2
Acme thttpd 2.0.3
Acme thttpd 2.0.2
Acme thttpd 2.0.1
Acme thttpd 2.0
Acme thttpd 1.95
Acme thttpd 1.90 a
Acme thttpd 1.0 .x
Acme thttpd 1.0
Acme thttpd 2.25 b
Acme thttpd 2.1x
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 3.5.1
- RedHat Linux 7.0
Acme mini_httpd 1.18
Acme mini_httpd 1.16
Acme mini_httpd 1.15 c
Acme mini_httpd 1.15 b
Acme mini_httpd 1.15
Acme mini_httpd 1.14
Acme mini_httpd 1.13
Acme mini_httpd 1.12
Acme mini_httpd 1.11
Acme mini_httpd 1.10 0
Acme mini_httpd 1.0 1
Acme mini_httpd 1.0 0
Acme mini_httpd 1.19
Not Vulnerable:


 

Copyright 2010, SecurityFocus