CVE-2006-1079
Summary
| CVE | CVE-2006-1079 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-03-09 00:02:00 UTC |
| Updated | 2023-11-28 17:15:00 UTC |
| Description | htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Acme Labs thttpd HTPasswd Multiple Vulnerabilities | BID | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| 23828 | OSVDB | www.osvdb.org | |
| m-privacy TightGate-Pro Code Execution / Insecure Permissions ≈ Packet Storm | | packetstormsecurity.com | |
| '[THTTPD] htpasswd.c security issues.' - MARC | MLIST | marc.info | |
| 'Re: [THTTPD] htpasswd.c security issues.' - MARC | MLIST | marc.info | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Full Disclosure: SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro | | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.