Matthias Weckbecker (mweckbecker) reported on OSS-SEC that the thttpd daemon may experience a denial of service when using glibc due to glibc crypt()returning a NULL while dereferencing. This can be triggered via a specially formatted .htpassword entry that is then used to authenticate for example.
Created thttpd tracking bugs for this issue Affects: fedora-all [bug 887450]
Created thttpd tracking bugs for this issue Affects: epel-all [bug 887451]
Upstream fix: ------------- -> https://bugzilla.novell.com/show_bug.cgi?id=783165#c13
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.