CVE - CVE-2006-1078

CVE-ID
CVE-2006-1078	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:16972 URL:http://www.securityfocus.com/bid/16972 BUGTRAQ:20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? URL:http://seclists.org/bugtraq/2004/Oct/0359.html BUGTRAQ:20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b. URL:http://www.securityfocus.com/archive/1/426823/100/0/threaded FULLDISC:20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory. URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html FULLDISC:20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33? URL:http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html FULLDISC:20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html FULLDISC:20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro URL:http://seclists.org/fulldisclosure/2023/Nov/13 MISC:http://issues.apache.org/bugzilla/show_bug.cgi?id=31975 MISC:http://issues.apache.org/bugzilla/show_bug.cgi?id=41279 MISC:http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html MLIST:[thttpd] 20060305 Re: htpasswd.c security issues URL:http://marc.info/?l=thttpd&m=114154083000296&w=2 MLIST:[thttpd] 20060305 htpasswd.c security issues URL:http://marc.info/?l=thttpd&m=114153031201867&w=2 XF:apache-htpasswd-strcpy-bo(31236) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/31236 XF:thttpd-command-file-bo(25216) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/25216
Assigning CNA
MITRE Corporation
Date Record Created
20060308	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060308)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)