CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.osvdb.org/23828
http://www.securityfocus.com/bid/16972
http://marc.info/?l=thttpd&m=114153031201867&w=2
http://marc.info/?l=thttpd&m=114154083000296&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/25217
http://www.securityfocus.com/archive/1/426823/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*

Information

Published : 2006-03-08 16:02

Updated : 2018-10-18 09:30

NVD link : CVE-2006-1079

Mitre link : CVE-2006-1079

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

acme_labs

thttpd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/23828", "name": "23828", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/16972", "name": "16972", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=thttpd&m=114153031201867&w=2", "name": "[thttpd] 20060305 htpasswd.c security issues", "tags": [], "refsource": "MLIST"}, {"url": "http://marc.info/?l=thttpd&m=114154083000296&w=2", "name": "[thttpd] 20060305 Re: htpasswd.c security issues", "tags": [], "refsource": "MLIST"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217", "name": "thttpd-command-line-bo(25217)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded", "name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1079", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-09T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:30Z"}