
Acme thttpd < 2.26 htpasswd Utility Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a vulnerable version of Acme thttpd. Versions prior to 2.26 are reported to contain a flaw in the 'htpasswd' utility: the htpasswd binary does not correctly verify the amount of data that it is parsing, so a long argument passed to the utility may cause a buffer overflow. To exploit this flaw, an attacker would need to find a system that calls htpasswd via a dynamic page (such as a CGI script). In addition, the application is vulnerable to a flaw in the way that it creates local temporary files. A local attacker exploiting this flaw would be able to modify or delete files with the privileges of the thttpd server process.

Solution

Upgrade to version 2.26 or higher.
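
One way to check a host's reported version against the fixed release, as an added example that is not part of the original advisory. It assumes the server announces itself in the HTTP Server header in the form "thttpd/2.25b 29dec2003"; the function names and the sample banners are constructed for illustration.

```python
import re

# First fixed release per the advisory: anything below 2.26 is affected.
FIXED = (2, 26, "")

# Assumed banner shape: "thttpd/<major>.<minor>[suffix] [build date]".
# The suffix is a letter or tag such as "b" or "beta1".
BANNER = re.compile(r"thttpd/(\d+)\.(\d+)([a-z]*\d*)", re.IGNORECASE)


def parse_thttpd_version(server_header):
    """Return (major, minor, suffix), or None if this is not a thttpd banner."""
    m = BANNER.search(server_header or "")
    if m is None:
        return None
    # Compare numerically: "2.4" must sort below "2.26", which a plain
    # string comparison would get wrong.
    return int(m.group(1)), int(m.group(2)), m.group(3).lower()


def is_affected(server_header):
    """True if below 2.26, False if 2.26 or later, None if unknown."""
    version = parse_thttpd_version(server_header)
    if version is None:
        return None
    # Tuple comparison: an empty suffix sorts before any letter, so
    # 2.25b < 2.26 holds and 2.26 is not below itself.
    return version < FIXED


if __name__ == "__main__":
    # Constructed sample Server header values.
    samples = [
        "thttpd/2.25b 29dec2003",
        "thttpd/2.26 01jan2000",
        "thttpd/2.4",
        "Apache/2.4.58 (Unix)",
    ]
    for banner in samples:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A banner match is only a hint: the header can be altered, and a packaged build may carry the fix without changing its version string, so confirm against the installed package.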