• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Acme thttpd/mini_httpd Virtual Hosting File Disclosure Vulnerability

Solution:
SuSE has released an advisory (SuSE-SA:2003:044) to address this issue in SuSE Linux platforms. Affected users are advised to apply fixes as soon as possible. Further information regarding obtaining and applying these fixes can be found in the referenced advisory.

Debian has released an advisory (DSA 396-1) and fixes to address this issue in thttpd.

Conectiva has released a security advisory (CLA-2003:777) which contains fixes to address this issue. Users are advised to upgrade as soon as possible.

This issue has been addressed in thttpd 2.24 and mini_httpd 1.18.


Acme mini_httpd 1.0 0

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.0 1

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme thttpd 1.0

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme mini_httpd 1.10 0

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.11

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.12

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.13

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.14

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.15 b

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.15 c

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.15

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme mini_httpd 1.16

• Acme mini_httpd-1.18.tar.gz
  http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz

Acme thttpd 1.90 a

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 1.95

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.1

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.2

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.3

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.4

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.5

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.6

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.7

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.8

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.0.9

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.10

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.11

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.12

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.13

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.14

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.15

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.16

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.17

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.18

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.19

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.20 c

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz


• Conectiva thttpd-2.24-22871U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/thttpd-2.24-22871U90_1cl.i3 86.rpm


• Conectiva thttpd-htpasswd-2.24-22871U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/thttpd-htpasswd-2.24-22871U 90_1cl.i386.rpm


• SuSE thttpd-2.20c-98.i386.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/thttpd-2.20c-98.i386.pa tch.rpm


• SuSE thttpd-2.20c-98.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/thttpd-2.20c-98.i386.rp m

Acme thttpd 2.20 b

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz


• SuSE thttpd-2.20b-112.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/thttpd-2.20b-112.ppc.rpm


• SuSE thttpd-2.20b-175.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/thttpd-2.20b-175.i386.r pm

Acme thttpd 2.20

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.21

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.21 b

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.22

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz

Acme thttpd 2.23 b1

• Acme thttpd-2.24.tar.gz
  http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz


• SuSE thttpd-2.23beta1-163.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/thttpd-2.23beta1- 163.i586.patch.rpm


• SuSE thttpd-2.23beta1-164.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/thttpd-2.23beta1- 164.i586.patch.rpm


• SuSE thttpd-2.23beta1-165.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/thttpd-2.23beta1- 165.i586.patch.rpm


• SuSE thttpd-2.23beta1-163.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/thttpd-2.23beta1- 163.i586.rpm


• SuSE thttpd-2.23beta1-164.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/thttpd-2.23beta1- 164.i586.rpm


• SuSE thttpd-2.23beta1-165.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/thttpd-2.23beta1- 165.i586.rpm