Apache HTTP Server htdigest temporary file race condition
|apache-htdigest-tmpfile-race (10413)||Medium Risk|
Apache HTTP Server is vulnerable to a race condition in the support/htdigest.c:main(), caused by insecure temporary files. A local attacker could exploit this vulnerability to launch symlink attacks against the Apache password file, which could then be used to read and modify the contents of htdigest. This could allow an attacker to obtain user credentials and gain unauthorized access to sensitive information.
For Debian GNU/Linux containing the Apache package:
Upgrade to the latest Apache package, as listed below. Refer to DSA-187-1 for more information. See References.
Debian GNU/Linux 2.2 (potato): 1.3.9-14.3 or later
Debian GNU/Linux 3.0 (woody): 1.3.26-0woody3 or later
For Debian GNU/Linux containing the Apache-SSL package:
Upgrade to the latest Apache-SSL package, as listed below. Refer to DSA-188-1 for more information. See References.
Debian GNU/Linux 2.2 (potato): 22.214.171.124-4.2 or later
Debian GNU/Linux 3.0 (woody): 126.96.36.199+1.48-0woody3 or later
For other distributions:
Contact your vendor for upgrade or patch information.
- Apache Web site: Welcome! - The Apache HTTP Server Project.
- BugTraq Mailing List, Wed Oct 16 2002 - 17:32:26 CDT : Apache 1.3.26 .
- BID-5981: Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
- BID-5990: Apache HTPasswd Insecure Temporary File Vulnerability
- BID-5992: Apache HTDigest Insecure Temporary File Vulnerability
- CVE-2002-1233: A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
- DSA-187: apache -- several vulnerabilities
- DSA-188: apache-ssl -- several vulnerabilities
- DSA-195: apache-perl -- several vulnerabilities
- Apache HTTP Server 1.3.17
- Apache HTTP Server 1.3.18
- Apache HTTP Server 1.3.19
- Apache HTTP Server 1.3.20
- Apache HTTP Server 1.3.22
- Apache HTTP Server 1.3.23
- Apache HTTP Server 1.3.24
- Apache HTTP Server 1.3.25
- Apache HTTP Server 1.3.26
- Apache HTTP Server 1.3.27
- Debian Debian Linux 2.2
- Debian Debian Linux 3.0
Oct 16, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this