Bug#307134: marked as done (CAN-2005-1344 htdigest buffer overflow)

To: Adam Conrad <adconrad@0c3.net>
Cc: Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: Bug#307134: marked as done (CAN-2005-1344 htdigest buffer overflow)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 05 May 2005 21:03:09 -0700
Message-id: <[🔎] handler.307134.D307134.11153516665782.ackdone@bugs.debian.org>
In-reply-to: <E1DTto4-0000aG-00@newraff.debian.org>
References: <E1DTto4-0000aG-00@newraff.debian.org> <20050501034904.GA21790@kitenet.net>
Your message dated Thu, 05 May 2005 23:47:16 -0400
with message-id <E1DTto4-0000aG-00@newraff.debian.org>
and subject line Bug#307134: fixed in apache2 2.0.54-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 May 2005 03:49:08 +0000
>From joey@kitenet.net Sat Apr 30 20:49:07 2005
Return-path: <joey@kitenet.net>
Received: from kitenet.net [64.62.161.42] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DS5S7-00041g-00; Sat, 30 Apr 2005 20:49:07 -0700
Received: by kitenet.net (Postfix, from userid 500)
	id BBC6317FB5; Sun,  1 May 2005 03:49:04 +0000 (GMT)
Date: Sat, 30 Apr 2005 23:49:04 -0400
From: Joey Hess <joeyh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-1344 htdigest buffer overflow
Message-ID: <20050501034904.GA21790@kitenet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Reportbug-Version: 3.9
User-Agent: Mutt/1.5.9i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: apache2
Severity: normal
Tags: security

I've verified that the htdigest from apache2 has the buffer overflow
described at http://www.lucaercoli.it/advs/htdigest.txt

I dont know of any exploit vectors, as noted it doiesn't work unless
something passes user-supplied parameters to htdigest or its made suid.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=3D, LC_CTYPE=3D (charmap=3DANSI_X3.4-1968)

--=20
see shy jo

---------------------------------------
Received: (at 307134-close) by bugs.debian.org; 6 May 2005 03:54:26 +0000
>From katie@ftp-master.debian.org Thu May 05 20:54:26 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DTtuz-0001V4-00; Thu, 05 May 2005 20:54:25 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DTto4-0000aG-00; Thu, 05 May 2005 23:47:16 -0400
From: Adam Conrad <adconrad@0c3.net>
To: 307134-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#307134: fixed in apache2 2.0.54-3
Message-Id: <E1DTto4-0000aG-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 05 May 2005 23:47:16 -0400
Delivered-To: 307134-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 4

Source: apache2
Source-Version: 2.0.54-3

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-3_i386.deb
apache2-common_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-common_2.0.54-3_powerpc.deb
apache2-doc_2.0.54-3_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-3_all.deb
apache2-mpm-perchild_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-3_i386.deb
apache2-mpm-perchild_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-3_powerpc.deb
apache2-mpm-prefork_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-3_i386.deb
apache2-mpm-prefork_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-3_powerpc.deb
apache2-mpm-threadpool_2.0.54-3_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-3_all.deb
apache2-mpm-worker_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-3_i386.deb
apache2-mpm-worker_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-3_powerpc.deb
apache2-prefork-dev_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-3_i386.deb
apache2-prefork-dev_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-3_powerpc.deb
apache2-threaded-dev_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-3_i386.deb
apache2-threaded-dev_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-3_powerpc.deb
apache2-utils_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-3_i386.deb
apache2-utils_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-3_powerpc.deb
apache2_2.0.54-3.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-3.diff.gz
apache2_2.0.54-3.dsc
  to pool/main/a/apache2/apache2_2.0.54-3.dsc
apache2_2.0.54-3_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-3_i386.deb
apache2_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/apache2_2.0.54-3_powerpc.deb
libapr0-dev_2.0.54-3_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-3_i386.deb
libapr0-dev_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-3_powerpc.deb
libapr0_2.0.54-3_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-3_i386.deb
libapr0_2.0.54-3_powerpc.deb
  to pool/main/a/apache2/libapr0_2.0.54-3_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 307134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  5 May 2005 03:45:24 -0600
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: all i386 powerpc source 
Version: 2.0.54-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description: 
 apache2    - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0    - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Closes: 296728 304786 306481 307134 307567
Changes: 
 apache2 (2.0.54-3) unstable; urgency=medium
 .
   * Add 042_htdigest_CAN-2005-1344 to fix a buffer overflow in
     htdigest, which is described in CAN-2005-1344 (closes: #307134)
   * Add 041_util_ldap_fix.patch from upstream bug #34618 to fix
     issues with mod_auth_ldap sometimes segfaulting and sometimes
     locking up and spinning the CPU to oblivion (closes: #307567)
   * Alter 011_fix_ap-config to make apr-config point us at the system
     libtool, and make libapr0-dev depend on libtool (closes: #306481)
   * Alter 008_make_include_safe to prevent apache2 from including dpkg
     conffile leftovers (.dpkg-old et al) (closes: #304786, #296728)
Files: 
 123d947f5a4ca934d8dec9ab6693beba 107092 net optional apache2_2.0.54-3.diff.gz
 1782f4dceeea8d3b44506862ab6c693a 214094 net optional apache2-mpm-perchild_2.0.54-3_powerpc.deb
 20ef5301f6ad02a983d64c71ed859b95 133742 net optional libapr0_2.0.54-3_powerpc.deb
 2b435876624bbe8d16bcb765fdaef3df 209128 net optional apache2-mpm-prefork_2.0.54-3_powerpc.deb
 356fb1b305118b0e3e07a7b102d10d73 1141 net optional apache2_2.0.54-3.dsc
 418c8446881b873616d2d462dd5b73c7 258970 libdevel optional libapr0-dev_2.0.54-3_i386.deb
 541768488a9f83a3cbff5fb0f9179167 167850 devel optional apache2-threaded-dev_2.0.54-3_i386.deb
 68ea32fca554b39d3240e01be0316b71 129754 net optional libapr0_2.0.54-3_i386.deb
 7a7c387878af6b5ac5fbf0663ad4d3d4 798042 net optional apache2-common_2.0.54-3_i386.deb
 7ad5c5ac80d1ea48aa07694f0ef013e0 167108 devel optional apache2-prefork-dev_2.0.54-3_i386.deb
 86200e8fa3aade541879e964615d7a36 32896 web optional apache2_2.0.54-3_powerpc.deb
 87c40183d1f17f1f6923c46a56642d66 167112 devel optional apache2-prefork-dev_2.0.54-3_powerpc.deb
 88fde2b9a4d25f04fa9cb639c8d51b18 32894 web optional apache2_2.0.54-3_i386.deb
 95d8c835a87931a954310843957cc8da 205790 net optional apache2-mpm-worker_2.0.54-3_i386.deb
 afbdc4887f30e13e69312dd6870f980b 167848 devel optional apache2-threaded-dev_2.0.54-3_powerpc.deb
 bb1e41377401b880e9ff303d0184cd00 271438 libdevel optional libapr0-dev_2.0.54-3_powerpc.deb
 bff4b26cc4da1e6cc047940262dab070 213172 net optional apache2-mpm-worker_2.0.54-3_powerpc.deb
 c292d5e914e6b64a413a0b0534cbf046 101518 net optional apache2-utils_2.0.54-3_powerpc.deb
 cc9ec8bddd3f6cf5e451b4372b9cf651 202332 net optional apache2-mpm-prefork_2.0.54-3_i386.deb
 e41904c40c5bb5549f8092a31b6bcec4 854506 net optional apache2-common_2.0.54-3_powerpc.deb
 e427d7f1a93c06b692203229e993d250 206184 net optional apache2-mpm-perchild_2.0.54-3_i386.deb
 e6e554b30d88ae1a84209ec81b1677f8 3860812 doc optional apache2-doc_2.0.54-3_all.deb
 fcd845721c9a48576e25bda677fad97e 32970 net optional apache2-mpm-threadpool_2.0.54-3_all.deb
 ff8d9fdb8c352a26ff36489a510b429e 90480 net optional apache2-utils_2.0.54-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCeuRXvjztR8bOoMkRArQLAKCyaZpEvacnyTFFx1hpZjp+0zRV7wCePJOB
FJvLlzIpn4xBwerErzqqnaU=
=bDxA
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: Bug#306481: marked as done (libapr0-dev: apr-config points to non-existent libtool)
Next by Date: Come chat.. if you think you can handle me:;-)
Previous by thread: Bug#306481: marked as done (libapr0-dev: apr-config points to non-existent libtool)
Next by thread: Come chat.. if you think you can handle me:;-)
Index(es):
- Date
- Thread