The SecuriTeam.com web site is running an article that is attributed to "dong-h0un U" regarding a buffer overflow vulnerability that exists in releases of LibHTTPD up to and including the 1.2 release. The article includes full details of the vulnerability, a patch, and an exploit. See http://www.securiteam.com/unixfocus/6H00I2060I.html for the complete article. Sadly, as vendors of the software package, we were not informed of this problem by either the article's author or the organisation providing the web site that is carrying the article. A recent email from a third party has brought this to our attention. To overcome the outlined vulnerability, and to rectify a couple of other potential sources of buffer overflow problems, the 1.3 release of LibHTTPD has been made available. It can be immediately downloaded from our web site, www.Hughes.com.au David Hughes ...
