Bugtraq mailing list archives
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
From: Henning Brauer <henning () openbsd org>
Date: Mon, 1 Nov 2004 16:55:22 +0100
* Larry Cashdollar <lwc () vapid ath cx> [2004-10-30 10:49]:
This was posted on the full-disclosure list sept 16 2004 by Luiz Fernando. http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html The nessus check for this vulnerability recommends upgrading to Apache version 1.3.32: http://cgi.nessus.org/plugins/dump.php3?id=14771 But in Apache 1.3.33: lachoy# grep strcpy /install/src/apache_1.3.33/src/support/htpasswd.c strcpy(record, user); strcpy(pwfilename, argv[i]); strcpy(user, argv[i + 1]); strcpy(password, argv[i + 2]); strcpy(scratch, line); It is still vulnerable.
This was fixed in OpenBSD's apache 2003/04/08, over 18 months ago.
Current thread:
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Anton R Ivanov (Nov 01)
- <Possible follow-ups>
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Henning Brauer (Nov 02)