January 12, 2001

Immunix 7.0 Apache vulnerability

Author: JT Smith

"A problem has been discovered in the Apache httpd distributed with
the Immunix Linux distribution, a distribution based off the RedHat Linux
distribution. Apache programs htdigest and htpasswd are used to offer
advanced features to users of the web server. However, these two
helper programs insecurely create files in the /tmp directory, which
could allow for /tmp file guessing. This makes it possible for a user with
malicious motives to symlink attack files writable by the UID of the
Apache process." Discussion and patches at SecurityFocus.
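The general pattern behind the advisory, as an added example (not the htdigest/htpasswd source or the SecurityFocus patch): opening a guessable temporary name without `O_EXCL` follows a symlink that is already in place, while `O_CREAT|O_EXCL` or `mkstemp()` does not. The file names, the helper functions and the `demo()` scenario are constructed, and everything runs inside a private `mkdtemp()` directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a guessable name opened without O_EXCL follows a symlink. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails if the name exists, symlink included. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static off_t size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? st.st_size : -1;
}

/* Constructed scenario in a private mkdtemp() directory; returns 0 when the
 * weak open emptied the link target and both hardened paths behaved. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], guess[64], tmpl[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/server-owned", dir);
    snprintf(guess, sizeof guess, "%s/helper.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/helper.XXXXXX", dir);
    int fd = open(target, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "important\n", 10) != 10) return -1;
    close(fd);
    if (symlink(target, guess) != 0) return -1; /* name planted beforehand */

    fd = open_predictable(guess);        /* follows the link, truncates target */
    int clobbered = fd >= 0 && size_of(target) == 0;
    if (fd >= 0) close(fd);
    fd = open_exclusive(guess);          /* refused with EEXIST */
    int refused = fd < 0 && errno == EEXIST;
    if (fd >= 0) close(fd);
    fd = mkstemp(tmpl);                  /* unpredictable name, exclusive, 0600 */
    int fresh = fd >= 0;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    unlink(guess); unlink(target); rmdir(dir);
    return (clobbered && refused && fresh) ? 0 : 1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```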


