Family: Web Servers --> Category: infos
Apache <= 1.3.33 htpasswd local overflow Vulnerability Scan
Vulnerability Scan Summary
Checks for Apache <= 1.3.33
Detailed Explanation for this Vulnerability Test
The remote host appears to be running Apache 1.3.33 or older.
There is a local buffer overflow in the 'htpasswd' command in these
versions that may allow a local user to gain elevated rights if
'htpasswd' is run setuid, or a remote user to run arbitrary commands
if 'htpasswd' is accessible through a CGI script.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive.
See also : http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html
Solution : Make sure htpasswd does not run setuid and is not accessible
through any CGI scripts.
Threat Level: Medium