| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.52677 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-120-1 (apache2) |
| Summary: | Ubuntu USN-120-1 (apache2) |
| Description: | The remote host is missing an update to apache2 announced via advisory USN-120-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: apache2-utils Details follow: Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script. Solution: The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-120-1 Risk factor : High |
| Cross-Ref: |
BugTraq ID: 13537 Common Vulnerability Exposure (CVE) ID: CVE-2005-1344 http://www.lucaercoli.it/advs/htdigest.txt http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://www.securiteam.com/unixfocus/5EP061FEKC.html http://www.securityfocus.com/bid/13537 http://www.osvdb.org/12848 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.