Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-133-1] Apache utility vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-133-1] Apache utility vulnerability
Date: Thu, 26 May 2005 14:42:58 +0200 
===========================================================
Ubuntu Security Notice USN-133-1               May 26, 2005
apache vulnerability
http://xforce.iss.net/xforce/xfdb/17413
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the "htpasswd" utility. This could
be exploited to execute arbitrary code with the privileges of the user
invoking htpasswd. This is only a security vulnerability if you have a
website that offers a public interface to htpasswd without checking
the input beforehand; however, this is very unusual.


  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.diff.gz
      Size/MD5:   370216 e4b146fdb5a84579cf72543dcba25278
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.dsc
      Size/MD5:     1102 695ade9c26134605755f605d8de5c829
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.diff.gz
      Size/MD5:   370555 e3b320d767ecddf64a4c439dcf69a20a
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.dsc
      Size/MD5:     1102 a686975f257bfdbf6cc5cb3b7eb33fc0
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
      Size/MD5:  3104170 ca475fbb40087eb157ec51334f260d1b

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:   329680 ea1b574aba9bca4c3ac298b5bfd24fc8
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:  1186734 9a5f2ca0ed6a222a61fa646145ce2840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   873476 ede05d37c8b5ac6566aa31104493894a
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:  9131366 2b06dc22c63cbf20521bda43e715dd28
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   520708 8f81def40bf552cb50a3f36123375880
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   510738 1d033b2179669b4450af2e5ee1077c13
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   271492 ea3f8ba1ede1456edbacfcc8233b7c37
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   398240 b6973f41949ba3a9f6634887d02eb861
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_amd64.deb
      Size/MD5:   491604 1f0450ce55f9fc7a2204790900cdd289

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   838554 613569f8f1f8e2142308cf3ee8d98484
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:  9080588 68a2c0dd50fa206c6934e9be3ef130fb
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   494356 bc7952904183ca0c78dec618a5b7b10f
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   484052 036bbeea1f293a9f76a03cb593628ddd
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   265296 620c32f9fc129cfd6e28bd3fbb7abe95
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   377510 b95d6936e5c65389f43ab5a9c7bc19b4
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_i386.deb
      Size/MD5:   484974 9447a769568c36df5a365c46f6de30c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   917590 308c593f853c66f850ee26ad033cbbf0
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:  9226022 7e832b879a9ff0660f6e68d5e08c37ba
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   511372 35a07437c37d73b22e3901089942c238
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   507178 b8bef2e3cb964a064c97cd834300d5c2
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   278630 5c2b8515f4792bc6851e9dd5e9c55a05
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   395680 b8eb63089f5e6f584ae952c12e6c0c0c
    
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_powerpc.deb
      Size/MD5:   488976 5d2e37fca4d74b40d0f57abd5190df67

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-133-1] Apache utility vulnerability, Martin Pitt <=
Previous by Date:  [Full-disclosure] [ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez
Next by Date:  Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug
Previous by Thread:  [Full-disclosure] [ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez
Next by Thread:  [Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]