CVE-2006-1078
CVSS 7.2
Published: 2006-03-08 19:02:00
Last modified: 2016-10-17 23:39:21

[Original] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.


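[CNNVD] Acme Labs thttpd HTPasswd Multiple Buffer Overflow Vulnerabilities (CNNVD-200603-121)

        Multiple buffer overflows exist in htpasswd. When it is used in Acme thttpd 2.25b (and possibly other products such as Apache), local users may gain privileges via (1) a long command line argument and (2) a long line in a file. Note: since htpasswd is normally installed as a non-setuid program, and the exploit is carried out through the command line, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then it should be included.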

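- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]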

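- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links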

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1078
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1078
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-121
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html
(UNKNOWN)  FULLDISC  20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31975
(UNKNOWN)  MISC  http://issues.apache.org/bugzilla/show_bug.cgi?id=31975
http://issues.apache.org/bugzilla/show_bug.cgi?id=41279
(UNKNOWN)  MISC  http://issues.apache.org/bugzilla/show_bug.cgi?id=41279
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html
(UNKNOWN)  FULLDISC  20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability
http://marc.info/?l=thttpd&m=114153031201867&w=2
(UNKNOWN)  MLIST  [thttpd] 20060305 htpasswd.c security issues
http://marc.info/?l=thttpd&m=114154083000296&w=2
(UNKNOWN)  MLIST  [thttpd] 20060305 Re: htpasswd.c security issues
http://seclists.org/bugtraq/2004/Oct/0359.html
(UNKNOWN)  BUGTRAQ  20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html
(UNKNOWN)  FULLDISC  20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?
http://www.securityfocus.com/archive/1/archive/1/426823/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.
http://www.securityfocus.com/bid/16972
(UNKNOWN)  BID  16972
http://xforce.iss.net/xforce/xfdb/25216
(UNKNOWN)  XF  thttpd-command-file-bo(25216)
http://xforce.iss.net/xforce/xfdb/31236
(UNKNOWN)  XF  apache-htpasswd-strcpy-bo(31236)

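- Vulnerability Information

Acme Labs thttpd HTPasswd Multiple Buffer Overflow Vulnerabilities
High risk  Buffer overflow
2006-03-08 00:00:00 2006-08-03 00:00:00
Remote ※ Local
        Multiple buffer overflows exist in htpasswd. When it is used in Acme thttpd 2.25b (and possibly other products such as Apache), local users may gain privileges via (1) a long command line argument and (2) a long line in a file. Note: since htpasswd is normally installed as a non-setuid program, and the exploit is carried out through the command line, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then it should be included.

- Advisories and Patches

        The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to monitor the vendor's home page for the latest version.

- Vulnerability Information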

23828
thttpd htpasswd Multiple Local Overflows
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

thttpd contains a flaw that may allow a malicious local user to execute privileged commands. The issue is triggered when a user calls the 'htpasswd' utility but supplies arbitrary commands along with a username to be added to a password file. It is possible that the flaw may allow the user to bypass the required authentication and execute arbitrary programs with privileged access.

- Timeline

2006-03-05 Unknown
2006-03-05 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Author

 

 
