Apache HTTP Server htdigest 'user' Variable Overflow

2002-10-16T22:32:26
ID OSVDB:18233
Type osvdb
Reporter David Wagner (daw@cs.berkeley.edu)
Modified 2002-10-16T22:32:26

Description

Vulnerability Description

A local buffer overflow exists in the Apache HTTP Server htdigest utility. The program fails to validate the length of the supplied 'user' argument before copying it into a fixed-size buffer, resulting in a buffer overflow. By supplying an overlong value for this argument, an attacker may be able to cause arbitrary code execution, resulting in a loss of integrity.

Technical Description

The htdigest program is not SUID/SGID by default and cannot be leveraged for additional privileges in a default installation. This vulnerability only matters if an administrator adds SUID or SGID privileges to the program, or if another program running with higher privileges invokes it. It also becomes remotely reachable if a web application (for example, a CGI script) invokes htdigest with user-supplied input as the 'user' argument.
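The following is an added illustration of the bug class described above, not htdigest's actual source: a command-line tool copies an argument into a fixed-size stack buffer with no length check, shown beside a bounded replacement that rejects overlong input before touching the buffer. The buffer size (MAX_STRING_LEN = 256), the function names and the sample user names are assumptions chosen for this example; the user:realm:hash line layout is the format of the digest password file htdigest writes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed buffer size for this illustration; the advisory does not
 * state the real one. */
#define MAX_STRING_LEN 256

enum { ENTRY_OK = 0, ENTRY_TOO_LONG = -1, ENTRY_BAD_CHAR = -2 };

/* Output buffer shared by the demo below. */
char entry_out[512];

/* VULNERABLE pattern: the 'user' argument is copied into a fixed-size
 * stack buffer with no length check, so an overlong value writes past
 * the end of ubuf. Never call this with untrusted input. */
int format_entry_unsafe(char *out, const char *user, const char *realm,
                        const char *hash)
{
    char ubuf[MAX_STRING_LEN];
    strcpy(ubuf, user);                           /* overflow if strlen(user) >= 256 */
    sprintf(out, "%s:%s:%s", ubuf, realm, hash);  /* unbounded again */
    return ENTRY_OK;
}

/* HARDENED version: validate length and content first, then use a
 * bounded snprintf() and check its return value for truncation. */
int format_entry_safe(char *out, size_t outlen, const char *user,
                      const char *realm, const char *hash)
{
    if (strlen(user) >= MAX_STRING_LEN || strlen(realm) >= MAX_STRING_LEN)
        return ENTRY_TOO_LONG;
    /* ':' separates the fields of the digest file; a user name containing
     * it could make one argument masquerade as another field. */
    if (strchr(user, ':') || strchr(realm, ':'))
        return ENTRY_BAD_CHAR;
    int n = snprintf(out, outlen, "%s:%s:%s", user, realm, hash);
    if (n < 0 || (size_t)n >= outlen)
        return ENTRY_TOO_LONG;  /* truncated output is an error, not success */
    return ENTRY_OK;
}

/* How many bytes the unsafe strcpy() into ubuf would write past the end
 * of the buffer for a given user name (0 means it fits). */
size_t overflow_bytes(const char *user)
{
    size_t needed = strlen(user) + 1;  /* include the terminating NUL */
    return needed > MAX_STRING_LEN ? needed - MAX_STRING_LEN : 0;
}

/* Constructed test input: a user name of n 'A' characters (n < 1024). */
const char *make_long_user(size_t n)
{
    static char buf[1024];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    /* A normal entry; the hash is a constructed placeholder, not a real
     * digest. */
    int rc = format_entry_safe(entry_out, sizeof entry_out,
                               "alice", "realm", "0123456789abcdef");
    printf("safe, normal user: rc=%d line=%s\n", rc, entry_out);

    /* A 299-byte user name: the hardened version rejects it, while the
     * unsafe version would have written 44 bytes past the end of ubuf. */
    const char *evil = make_long_user(299);
    rc = format_entry_safe(entry_out, sizeof entry_out, evil, "realm", "x");
    printf("safe, 299-byte user: rc=%d (%d means too long)\n", rc, ENTRY_TOO_LONG);
    printf("unsafe version would overflow ubuf by %zu bytes\n",
           overflow_bytes(evil));
    return 0;
}
```

The privilege point from the technical description carries over directly: format_entry_unsafe is only as dangerous as the privileges of the process calling it, so the same code is harmless when run by an unprivileged administrator at a shell and exploitable when the binary is SUID or is driven from a CGI script with attacker-controlled arguments.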

Solution Description

Upgrade to version 1.3.28 or higher, which has been reported to fix this vulnerability. An upgrade is required, as no workarounds are known.

Short Description

A local buffer overflow exists in the Apache HTTP Server htdigest utility. The program fails to validate the length of the supplied 'user' argument before copying it into a fixed-size buffer, resulting in a buffer overflow. By supplying an overlong value for this argument, an attacker may be able to cause arbitrary code execution, resulting in a loss of integrity.

References:

Vendor URL: http://httpd.apache.org/
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=103480856102007&w=2
ISS X-Force ID: 10414
CVE ID: CVE-2002-1658
Bugtraq ID: 5993