Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2002-1233
Last Modified 10 Sep 2008 03:14:06
Published 04 Nov 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2002-1233

Summary

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

Vulnerable Systems

Application

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.27


References

BID - 5990

BID - 5981

XF - apache-htdigest-tmpfile-race(10413)

XF - apache-htpasswd-tmpfile-race(10412)

DEBIAN - DSA-195

DEBIAN - DSA-188

DEBIAN - DSA-187

BUGTRAQ - 20021016 Apache 1.3.26


Last Updated: 27 May 2016 10:37:15