Bug#307134: CAN-2005-1344 htdigest buffer overflow
Package: apache2
Severity: normal
Tags: security
I've verified that the htdigest from apache2 has the buffer overflow
described at http://www.lucaercoli.it/advs/htdigest.txt
I dont know of any exploit vectors, as noted it doiesn't work unless
something passes user-supplied parameters to htdigest or its made suid.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)
--
see shy jo
Reply to: