Oval Definition:oval:org.opensuse.security:def:20081270
Revision Date:2022-06-30Version:1
Title:CVE-2008-1270
Description:

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-1270
Mitre CVE-2008-1270
SUSE CVE-2008-1270
SUSE-SR:2008:008
SUSE-SR:2008:008
Platform(s):openSUSE 10.2
openSUSE 10.3
openSUSE Tumbleweed
SUSE LINUX 10.1
SUSE Linux Enterprise Software Development Kit 11 SP4
Product(s):
Definition Synopsis
  • suse101 is installed
  • AND Package Information
  • lighttpd-mod_cml less than 1.4.10-11.20
  • OR lighttpd-mod_mysql_vhost less than 1.4.10-11.20
  • OR lighttpd-mod_rrdtool less than 1.4.10-11.20
  • OR lighttpd-mod_trigger_b4_dl less than 1.4.10-11.20
  • OR lighttpd-mod_webdav less than 1.4.10-11.20
  • OR lighttpd less than 1.4.10-11.20
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • lighttpd-1.4.20-2.54 is installed
  • OR lighttpd-mod_cml-1.4.20-2.54 is installed
  • OR lighttpd-mod_magnet-1.4.20-2.54 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.20-2.54 is installed
  • OR lighttpd-mod_rrdtool-1.4.20-2.54 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.20-2.54 is installed
  • OR lighttpd-mod_webdav-1.4.20-2.54 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lighttpd-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.59-2.1 is installed
  • OR lighttpd-mod_cml-1.4.59-2.1 is installed
  • OR lighttpd-mod_magnet-1.4.59-2.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.59-2.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.59-2.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.59-2.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 is installed
  • OR lighttpd-mod_webdav-1.4.59-2.1 is installed
    • BACK