Apache HTTP Server htdigest temporary file race condition

apache-htdigest-tmpfile-race (10413) The risk level is classified as MediumMedium Risk

Description:

Apache HTTP Server is vulnerable to a race condition in the support/htdigest.c:main(), caused by insecure temporary files. A local attacker could exploit this vulnerability to launch symlink attacks against the Apache password file, which could then be used to read and modify the contents of htdigest. This could allow an attacker to obtain user credentials and gain unauthorized access to sensitive information.


Consequences:

File Manipulation

Remedy:

For Debian GNU/Linux containing the Apache package:
Upgrade to the latest Apache package, as listed below. Refer to DSA-187-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 1.3.9-14.3 or later
Debian GNU/Linux 3.0 (woody): 1.3.26-0woody3 or later

For Debian GNU/Linux containing the Apache-SSL package:
Upgrade to the latest Apache-SSL package, as listed below. Refer to DSA-188-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 1.3.9.13-4.2 or later
Debian GNU/Linux 3.0 (woody): 1.3.26.1+1.48-0woody3 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • Apache Web site: Welcome! - The Apache HTTP Server Project.
  • BugTraq Mailing List, Wed Oct 16 2002 - 17:32:26 CDT : Apache 1.3.26 .
  • BID-5981: Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
  • BID-5990: Apache HTPasswd Insecure Temporary File Vulnerability
  • BID-5992: Apache HTDigest Insecure Temporary File Vulnerability
  • CVE-2002-1233: A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
  • DSA-187: apache -- several vulnerabilities
  • DSA-188: apache-ssl -- several vulnerabilities
  • DSA-195: apache-perl -- several vulnerabilities

Platforms Affected:

  • Apache HTTP Server 1.3.17
  • Apache HTTP Server 1.3.18
  • Apache HTTP Server 1.3.19
  • Apache HTTP Server 1.3.20
  • Apache HTTP Server 1.3.22
  • Apache HTTP Server 1.3.23
  • Apache HTTP Server 1.3.24
  • Apache HTTP Server 1.3.25
  • Apache HTTP Server 1.3.26
  • Apache HTTP Server 1.3.27
  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0

Reported:

Oct 16, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page