N/A

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

N/A

N/A

Apahce HTDigest和HTPasssWD组件多个本地漏洞

Apache是一款免费开放源代码的WEB服务程序。 Apache存在多个漏洞可以导致安全问题，本地攻击者可以利用这些漏洞进行修改Apache密码文件内容等攻击。 1、support/htpasswd.c中存在竞争条件漏洞： main() tempfilename = tmpnam(tname_buf); ftemp = fopen(tempfilename， "w+"); ... copy_file(ftemp， fpw); 当管理员运行htpasswd时攻击者利用这个漏洞可导致任意本地用户可以读取、修改

N/A

N/A