CVE Reference: CVE-2005-1344

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-1344

Description:
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

CVE Status:
Candidate

References:

OSVDB
  12848

MISC
  http://www.lucaercoli.it/advs/htdigest.txt
  http://www.securiteam.com/unixfocus/5EP061FEKC.html

BID
  13537

APPLE
  http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
  http://lists.apple.com/archives/security-announce/2005//Aug/msg00000.html
  http://lists.apple.com/archives/security-announce/2005/May/msg00001.html


Return to the previous page.