Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Acme Labs thttpd HTPasswd多个缓冲区溢出漏洞
Vulnerability Description
htpasswd中存在多个缓冲区溢出漏洞,当应用于Acme thttpd 2.25b(可能还有诸如Apache等其它产品)中时,本地用户可能通过以下途径获得特权:(1) 一个长的命令行参数和(2)文件中的一个长行。注意:由于htpasswd通常作为non-setuid程序安装,而这种钻漏洞是通过命令行来进行,或许该问题不应包含在CVE中。不过,如果有一些典型或推荐配置用到带sudo特权的htpasswd,或远程访问htpasswd的普通产品,那么它应该被包含其中。
CVSS Information
N/A
Vulnerability Type
N/A