Package: apache2
Severity: normal
Tags: security

I've verified that the htdigest from apache2 has the buffer overflow described at http://www.lucaercoli.it/advs/htdigest.txt
I don't know of any exploit vectors; as noted, it doesn't work unless something passes user-supplied parameters to htdigest or it's made suid.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)

-- 
see shy jo