Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?
From: Christian Hammers <ch@debian.org>
Date: Thu, 11 Aug 2005 20:07:12 +0200
Message-id: <[🔎] 20050811180712.02FF53700A6@xeniac.intern>
Reply-to: Christian Hammers <ch@debian.org>, 322604@bugs.debian.org

Package: apache2
Severity: grave
Tags: security

Hello Apache maintainers,

please check if Debian is vulnerable to CAN-2005-1344 and make sure it
enters http://www.debian.org/security/crossreferences or the not-vulnerable
lists.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344
"Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute
arbitrary code via a long realm argument. NOTE: since htdigest is normally
only locally accessible and not setuid or setgid, there are few attack
vectors which would lead to an escalation of privileges, unless htdigest is
executed from a CGI program. Therefore this may not be a vulnerability."

thanks,

-christian-

Reply to:

Follow-Ups:
- Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Processed: Apache 1.3 also vulnerable?
Next by Date: Bug#322613: Processed: Apache 1.3 also vulnerable?
Previous by thread: Bug#322613: Processed: Apache 1.3 also vulnerable?
Next by thread: Bug#322604: SECURITY: Vulnerable to CAN-2005-1344?
Index(es):
- Date
- Thread