Bug#307134: CAN-2005-1344 htdigest buffer overflow

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#307134: CAN-2005-1344 htdigest buffer overflow
From: Joey Hess <joeyh@debian.org>
Date: Sat, 30 Apr 2005 23:49:04 -0400
Message-id: <[🔎] 20050501034904.GA21790@kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 307134@bugs.debian.org

Package: apache2
Severity: normal
Tags: security

I've verified that the htdigest from apache2 has the buffer overflow
described at http://www.lucaercoli.it/advs/htdigest.txt

I dont know of any exploit vectors, as noted it doiesn't work unless
something passes user-supplied parameters to htdigest or its made suid.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)

-- 
see shy jo

Reply to:

Prev by Date: APACHE-SSL 1.3.33-4 & PHP 4.3.10-13 :::: [notice] child pid 7290 exit signal Segmentation fault (11)
Previous by thread: Bug#256510: Apache2 .htaccess ErrorDocument
Index(es):
- Date
- Thread