CVE-2005-1344
CVSS7.5
发布时间 :2005-05-02 00:00:00
修订时间 :2008-09-10 15:38:47
NMCOPS    

[原文]Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.


[CNNVD]Apache HTDigest域命令行参数溢出漏洞(CNNVD-200505-284)

        Apache是一款流行的WEB服务程序,htdigest是其中捆绑的一个工具,用于为HTTP用户的摘要认证创建和更新用户名,域和口令。
        htdigest程序对于参数的处理缺少充分的缓冲区边界检查,本地攻击者可能利用此漏洞在主机上执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1344
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1344
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-284
(官方数据源) CNNVD

- 其它链接及资源

http://www.securiteam.com/unixfocus/5EP061FEKC.html
(UNKNOWN)  MISC  http://www.securiteam.com/unixfocus/5EP061FEKC.html
http://www.osvdb.org/12848
(UNKNOWN)  OSVDB  12848
http://www.lucaercoli.it/advs/htdigest.txt
(UNKNOWN)  MISC  http://www.lucaercoli.it/advs/htdigest.txt
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2005-05-03
http://www.securityfocus.com/bid/13537
(UNKNOWN)  BID  13537
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-08-15
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2005-08-17

- 漏洞信息

Apache HTDigest域命令行参数溢出漏洞
高危 缓冲区溢出
2005-05-02 00:00:00 2005-10-20 00:00:00
远程※本地  
        Apache是一款流行的WEB服务程序,htdigest是其中捆绑的一个工具,用于为HTTP用户的摘要认证创建和更新用户名,域和口令。
        htdigest程序对于参数的处理缺少充分的缓冲区边界检查,本地攻击者可能利用此漏洞在主机上执行任意指令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://jakarta.apache.org/tomcat/index.html" target="_blank"

- 漏洞信息 (F39093)

Ubuntu Security Notice 120-1 (PacketStormID:F39093)
2005-08-06 00:00:00
Ubuntu  ubuntu.com
advisory,remote,arbitrary,local,cgi
linux,ubuntu
CVE-2005-1344
[点击下载]

Ubuntu Security Notice USN-120-1 - Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.

===========================================================
Ubuntu Security Notice USN-120-1	       May 06, 2005
apache2 vulnerability
CAN-2005-1344
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache2-utils

The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Luca Ercoli discovered that the "htdigest" program did not perform any
bounds checking when it copied the "user" and "realm" arguments into
local buffers. If this program is used in remotely callable CGI
scripts, this could be exploited by a remote attacker to execute
arbitrary code with the privileges of the CGI script.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2.diff.gz
      Size/MD5:    98267 87586b5cb510061595cef66338581a79
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2.dsc
      Size/MD5:     1151 a9513abc00ea2349450bc41893924934
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
      Size/MD5:  6321209 9d0767f8a1344229569fcd8272156f8b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.2_all.deb
      Size/MD5:  3178132 1e9d1e7ac590566418bee5afc0aa49a2
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.2_all.deb
      Size/MD5:   163566 b261a2b9a55de3ad5a442a907de01ebb
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.2_all.deb
      Size/MD5:   164312 b84bcf4e053a51cd8301df3401e3e2b2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   864476 cf93d873c7977092835a357e988092e4
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   230190 c0e93260cb0393d13587718a47c7b45b
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   225342 8f120306e1c71496fef963891541c405
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   228774 25b87218b42035965567440434cf52b3
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   229344 da3093352e24225be0238dc666ef9cfb
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:    29800 160aa26592c557ee6e7a46cf1a0e2960
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   275310 daf38c889708fda550182c9d483b0230
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_amd64.deb
      Size/MD5:   133252 67a0f7ef5009e90101638b3a298b6e3f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   825786 4b6f3ca0efb794bf7740837062c479fc
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   209170 7d293b865d950cc5d05466963653bb7f
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   205394 25b99fbd9226fb46251dac7124142936
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   208042 23c67fc8862c995f096bdfc3e7b3e692
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   208476 1f353dd0d64128b99e7c9792d996ba4a
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:    29808 49fae153ca436da85a3a9d666e07044a
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   253274 cd7d0c90906691ca0399a82a410d6082
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_i386.deb
      Size/MD5:   123972 3020312e5282fabf9c2656b1324391e3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   903634 cb3389870d788eda54536e47157f0347
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   222798 499b94a9f6841b9da69419115d84f635
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   217804 d95bc9eb5b22926f0fb22acfba61a6ee
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   220968 dbd2a97b2b578e6764ff5d4d8970c2d9
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   221576 a7cca9a4b76f5083f43260122275a7ce
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:    29806 d1cc1c63cc85d158473c7e0046272936
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   269076 20737e649d99a193903b4f0e0fe5a583
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_powerpc.deb
      Size/MD5:   130578 f29d8ca28893d687efe9ffd4585c2abb

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1.diff.gz
      Size/MD5:   105830 f19f392f87e39389da168006afc18f89
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1.dsc
      Size/MD5:     1159 81a2017e0536fadf7bc2a40b9be54aca
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53.orig.tar.gz
      Size/MD5:  6925351 40507bf19919334f07355eda2df017e5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.53-5ubuntu5.1_all.deb
      Size/MD5:  3578168 67c51a790160e24bf93c0ac786c81b3e
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.53-5ubuntu5.1_all.deb
      Size/MD5:    33596 0a4b96294be9f2dfa548c6de9d46e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   825872 0002ddfccd994ca6026f6be3c975bcfe
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   220892 528f92368df98af9bcefcd1fb1a134d7
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   216428 27b2da096b9fd64b6794592e76f2cff5
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   219824 59cd86376b876f102589fb65c7fcd156
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   167266 f64176450d54e6e4b10d6ede5ff366bb
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   168060 acdd5e8c1ed883d538bcb51c5cc3d16c
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:    92732 1019e7ccb24cc0ed4cdc9a7c32dc5009
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:    33522 c3b5ac52fc94e266d37d1c0dac960fdb
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   278884 9ba58e2af006050c8e3f80bbfb57bcc3
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_amd64.deb
      Size/MD5:   137382 79c0405522bebe834c2e6b99795b720a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   788586 0211beba06e7e2774df5fba57badfade
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   201064 68b06d7c7a59dee404ec462a37ca5011
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   196892 170f0ce0c87f29438957316ec2ec0122
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   200354 8f6d7094d11774b85aa8c6c11bc750c1
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   167266 c38b18adb268f882b2b42b81157ab631
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   168058 7738f68bede8476d51d2608857a3cd39
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:    90456 51bf7881c66bcf5c694ee9e596ab1cc1
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:    33520 ba391b0999fcd1b4206f87065fb0f48c
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   256802 a3a624b345018c54f091ccea0e9da41c
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_i386.deb
      Size/MD5:   128064 734d5122ec076a54f6e76410f6a1245e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   855108 1dfc0c0da261db28527c18cb74aad068
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   214136 5f02f57b520924f15aa76eda2d080956
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   209138 0c583de044adfcc776d1379e670dc3c6
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   213150 bc7d7e9151dd51e29205d17b3b0414e2
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   167268 e9e17dfbf9c96df0b403a189cef90042
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   168050 b6f72f186997b75aab014c3082fcfa71
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   102106 fa4df0db982df921c232e2913c71ef89
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:    33522 3ee1c98a1ea5dc77269d833b18df79d4
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   272108 099cf2448a2cf6801cd173329637f2bf
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_powerpc.deb
      Size/MD5:   134342 94baf66057345048d892236dd3960019
    

- 漏洞信息

12848
Apache HTTP Server htdigest realm Variable Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-01-05 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
Boundary Condition Error 13537
Yes No
2005-05-06 12:00:00 2009-07-12 02:06:00
Vulnerability discovery credited to Luca Ercoli.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1
- S.u.S.E. Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
Apple Mac OS X Server 10.3.9
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0

- 漏洞讨论

A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers.

By supplying an overly long realm value to the command line options of htdigest, it is possible to trigger an overflow condition. This may cause memory to be corrupted with attacker-specified values.

This issue could be exploited by a remote attacker; potentially resulting in the execution of arbitrary system commands within the context of the web server process.

- 漏洞利用

"K sPecial" <kspecial@linuxmail.org> provided the following proof of concept exploit (htdigest-realm-bof.c), an additional proof of concept (htexploit.c) was supplied by rod hedor:

- 解决方案

Ubuntu has released an advisory (USN-120-1) and fixes to address this and another issue. Please see the referenced advisory for further information.

Apple has release security advisory APPLE-SA-2005-08-15 addressing this and several other vulnerabilities. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Apple Mac OS X Server 10.3.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站