USN-120-1: Apache 2 vulnerability

6 May 2005

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Luca Ercoli discovered that the “htdigest” program did not perform any bounds checking when it copied the “user” and “realm” arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
apache2-utils
Ubuntu 4.10
apache2-utils

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References