Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
BID:13537
Info
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| Bugtraq ID: | 13537 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1344 |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Vulnerability discovery credited to Luca Ercoli. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 IBM HTTP Server 1.3.19 Apple Mac OS X Server 10.3.9 Apache Apache 1.3.27 Apache Apache 1.3.26 Apache Apache 1.3.25 Apache Apache 1.3.24 Apache Apache 1.3.23 Apache Apache 1.3.22 Apache Apache 1.3.20 Apache Apache 1.3.19 Apache Apache 1.3.18 Apache Apache 1.3.17 Apache Apache 1.3.14 Apache Apache 1.3.12 Apache Apache 1.3.11 Apache Apache 1.3.9 Apache Apache 1.3.6 Apache Apache 1.3.4 Apache Apache 1.3.3 Apache Apache 1.3.1 Apache Apache 1.3 |
| Not Vulnerable: | |
Discussion
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers.
By supplying an overly long realm value to the command line options of htdigest, it is possible to trigger an overflow condition. This may cause memory to be corrupted with attacker-specified values.
This issue could be exploited by a remote attacker; potentially resulting in the execution of arbitrary system commands within the context of the web server process.
A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers.
By supplying an overly long realm value to the command line options of htdigest, it is possible to trigger an overflow condition. This may cause memory to be corrupted with attacker-specified values.
This issue could be exploited by a remote attacker; potentially resulting in the execution of arbitrary system commands within the context of the web server process.
Exploit / POC
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
"K sPecial" <[email protected]> provided the following proof of concept exploit (htdigest-realm-bof.c), an additional proof of concept (htexploit.c) was supplied by rod hedor:
"K sPecial" <[email protected]> provided the following proof of concept exploit (htdigest-realm-bof.c), an additional proof of concept (htexploit.c) was supplied by rod hedor:
Solution / Fix
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
Solution:
Ubuntu has released an advisory (USN-120-1) and fixes to address this and another issue. Please see the referenced advisory for further information.
Apple has release security advisory APPLE-SA-2005-08-15 addressing this and several other vulnerabilities. Please see the referenced advisory for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Apple Mac OS X Server 10.3.9
Solution:
Ubuntu has released an advisory (USN-120-1) and fixes to address this and another issue. Please see the referenced advisory for further information.
Apple has release security advisory APPLE-SA-2005-08-15 addressing this and several other vulnerabilities. Please see the referenced advisory for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2005-007Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07796&plat form=osx&method=sa/SecUpdSrvr2005-007Pan.dmg
References
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
References:
References:
- htdigest (Luca Ercoli)