[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?

Package: apache2
Severity: grave
Tags: security

Hello Apache maintainers,

please check if Debian is vulnerable to CAN-2005-1344 and make sure it
enters http://www.debian.org/security/crossreferences or the not-vulnerable

"Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute
arbitrary code via a long realm argument. NOTE: since htdigest is normally
only locally accessible and not setuid or setgid, there are few attack
vectors which would lead to an escalation of privileges, unless htdigest is
executed from a CGI program. Therefore this may not be a vulnerability."



Reply to: