Bugtraq: Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

From: Henning Brauer <henning () openbsd org>
Date: Mon, 1 Nov 2004 16:55:22 +0100

* Larry Cashdollar <lwc () vapid ath cx> [2004-10-30 10:49]:

This was posted on the full-disclosure list sept 16 2004 by
Luiz Fernando.

http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html

The nessus check for this vulnerability recommends upgrading to
Apache version 1.3.32:

http://cgi.nessus.org/plugins/dump.php3?id=14771

But in Apache 1.3.33:

lachoy# grep strcpy /install/src/apache_1.3.33/src/support/htpasswd.c
    strcpy(record, user);
        strcpy(pwfilename, argv[i]);
    strcpy(user, argv[i + 1]);
        strcpy(password, argv[i + 2]);
            strcpy(scratch, line);

It is still vulnerable.


This was fixed in OpenBSD's apache 2003/04/08, over 18 months ago.

By Date By Thread

Current thread:

Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Anton R Ivanov (Nov 01)
- <Possible follow-ups>
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Henning Brauer (Nov 02)