Pavuk Digest Authentication Overflow

2004-07-27T04:04:36
ID OSVDB:8242
Type osvdb
Reporter Matthew Murphy (mattmurphy@kc.rr.com)
Modified 2004-07-27T04:04:36

Description

Vulnerability Description

A remote overflow exists in Pavuk. The program fails to properly check the nonce and realm fields that accompany a digest authentication challenge received with a 401 (Unauthorized) HTTP error, resulting in an overflow in sprintf() in the digest authentication handler. With a specially crafted response, an attacker can cause execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
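The bug class described above, shown from the defensive side as an added example (not Pavuk's code and not the upstream fix): a client-side handler that bounds the server-supplied realm and nonce before formatting the Authorization header. FIELD_MAX, get_param and build_digest_header are hypothetical names, the response hash is assumed to be precomputed and passed in, and the sample challenge is constructed.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 128 /* assumed cap for realm/nonce; not a Pavuk constant */

/* Copy the quoted value of key from a Digest challenge into out.
 * Returns 0, or -1 if absent, unterminated, backslash-escaped or too long. */
static int get_param(const char *chal, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    for (const char *p = strstr(chal, key); p; p = strstr(p + 1, key)) {
        int boundary = (p == chal) || p[-1] == ' ' || p[-1] == ',';
        if (!boundary || p[klen] != '=' || p[klen + 1] != '"')
            continue; /* e.g. "cnonce" must not satisfy a search for "nonce" */
        const char *val = p + klen + 2;
        const char *end = strchr(val, '"');
        if (!end) return -1;
        size_t len = (size_t)(end - val);
        if (len >= outsz || memchr(val, '\\', len))
            return -1; /* reject oversized input instead of truncating */
        memcpy(out, val, len);
        out[len] = '\0';
        return 0;
    }
    return -1;
}

/* Hypothetical handler: returns 0 and fills hdr, or -1 if rejected. */
int build_digest_header(const char *chal, const char *user, const char *uri,
                        const char *response_hex, char *hdr, size_t hdrsz)
{
    char realm[FIELD_MAX], nonce[FIELD_MAX];
    if (get_param(chal, "realm", realm, sizeof realm) != 0 ||
        get_param(chal, "nonce", nonce, sizeof nonce) != 0)
        return -1;
    /* An unbounded sprintf() here lets server-chosen lengths overrun hdr;
     * snprintf() caps the write and its return value reveals truncation. */
    int n = snprintf(hdr, hdrsz, "Authorization: Digest username=\"%s\", "
                     "realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"\r\n",
                     user, realm, nonce, uri, response_hex);
    return (n < 0 || (size_t)n >= hdrsz) ? -1 : 0;
}

int main(void)
{
    char hdr[512]; /* the challenge string below is constructed sample input */
    int rc = build_digest_header("Digest realm=\"test\", nonce=\"abc123\"",
                                 "user", "/", "0123abcd", hdr, sizeof hdr);
    fputs(rc == 0 ? hdr : "challenge rejected\n", stdout);
    return 0;
}
```

Rejecting an over-long field outright, rather than truncating it, keeps the client from sending a header built on a nonce the server never issued.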

Solution Description

Disable HTTP digest authentication or upgrade to version 0.928r3 or higher, as it has been reported to fix this vulnerability.

References:

Secunia Advisory ID: 12163
Secunia Advisory ID: 12152
Other Advisory URL: http://www.net-security.org/vuln.php?id=3601
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-19.xml
Other Advisory URL: http://www.securiteam.com/unixfocus/5QP0L2ADFC.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1119.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0105.html
ISS X-Force ID: 16807
Generic Exploit URL: http://www.k-otik.com/exploits/08082004.Pavuk.c.php
CVE-2004-1437
Bugtraq ID: 10797