ID CVE-2005-1344
Summary Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.52
    cpe:2.3:a:apache:http_server:2.0.52
CVSS
Base: 7.5 (as of 10-05-2005 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2). CVE-2005-1344 . Remote exploit for unix platform
    id EDB-ID:25625
    last seen 2016-02-03
    modified 2005-05-11
    published 2005-05-11
    reporter K-sPecial
    source https://www.exploit-db.com/download/25625/
    title Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability 2
  • description Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1). CVE-2005-1344 . Remote exploit for unix platform
    id EDB-ID:25624
    last seen 2016-02-03
    modified 2005-05-06
    published 2005-05-06
    reporter Luca Ercoli
    source https://www.exploit-db.com/download/25624/
    title Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability 1
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 19463
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19463
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2005-005.NASL
    description The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications : - Apache - AppKit - AppleScript - Bluetooth - Directory Services - Finder - Foundation - HelpViewer - LDAP - libXpm - lukemftpd - NetInfo - ServerAdmin - sudo - Terminal - VPN These programs have multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 18189
    published 2005-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18189
    title Mac OS X Multiple Vulnerabilities (Security Update 2005-005)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-120-1.NASL
    description Luca Ercoli discovered that the 'htdigest' program did not perform any bounds checking when it copied the 'user' and 'realm' arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20509
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20509
    title Ubuntu 4.10 / 5.04 : apache2 vulnerability (USN-120-1)
refmap via4
apple
  • APPLE-SA-2005-05-03
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
bid 13537
misc
osvdb 12848
statements via4
contributor Mark J Cox
lastmodified 2007-12-04
organization Red Hat
statement Red Hat does not consider this to be a vulnerability. htdigest is not supplied setuid or setgid and should not be run from a CGI program.
Last major update 10-09-2008 - 15:38
Published 02-05-2005 - 00:00
Back to Top