Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability

Bugtraq ID: 13537
Class: Boundary Condition Error
CVE: CVE-2005-1344
Remote: Yes
Local: No
Published: May 06 2005 12:00AM
Updated: Jul 12 2009 02:06PM
Credit: Vulnerability discovery credited to Luca Ercoli.
Vulnerable: Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Redhat Linux 7.1
- Sun Solaris 7.0
 - Sun Solaris 2.6
 - SuSE Linux 7.1
Apple Mac OS X Server 10.3.9
Apache Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
 + HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
 + Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
 + OpenPKG OpenPKG Current
 + Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 + Redhat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.25
Apache Apache 1.3.24
+ OpenBSD OpenBSD 3.1
 + Oracle Oracle HTTP Server 9.2 .0
 + Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
 + Oracle Oracle9i Application Server 1.0.2 .1s
 + Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
+ SuSE Linux 8.0 i386
 + SuSE Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ Redhat Linux 7.2 ia64
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 Apache Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
 + SGI IRIX 6.5.14 f
 + SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
 + SGI IRIX 6.5.13 f
 + SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
 + SGI IRIX 6.5.12 f
 + SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
 + Sun Solaris 9_x86
 + Sun Solaris 9
 + Sun SunOS 5.9 _x86
 + Sun SunOS 5.9
+ SuSE Linux 7.3 sparc
 + SuSE Linux 7.3 ppc
 + SuSE Linux 7.3 i386
 + SuSE Linux 7.3
Apache Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
 + EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
 - HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
 - Redhat Linux 7.1
- Redhat Linux 7.0
- Redhat Linux 6.2
 - SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
 + SuSE Linux 7.2 i386
 + SuSE Linux 7.2
+ SuSE Linux 7.1 x86
 + SuSE Linux 7.1 sparc
 + SuSE Linux 7.1 ppc
 + SuSE Linux 7.1 alpha
 + SuSE Linux 7.1
+ SuSE Linux 7.0 sparc
 + SuSE Linux 7.0 ppc
 + SuSE Linux 7.0 i386
 + SuSE Linux 7.0 alpha
 + SuSE Linux 7.0
+ SuSE Linux 6.4 ppc
 + SuSE Linux 6.4 i386
 + SuSE Linux 6.4 alpha
 + SuSE Linux 6.4
Apache Apache 1.3.18
Apache Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ SuSE Linux 7.1
Apache Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 + Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
+ SuSE Linux 7.0 sparc
 + SuSE Linux 7.0
Apache Apache 1.3.11
Apache Apache 1.3.9
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
 + Sun Solaris 8_sparc
 + Sun SunOS 5.8 _x86
 + Sun SunOS 5.8
Apache Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Apache 1.3.3
+ Redhat Linux 5.2 sparc
 + Redhat Linux 5.2 i386
 + Redhat Linux 5.2 alpha
 Apache Apache 1.3.1
Apache Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus