Vulnerability Details : CVE-2006-1078
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Products affected by CVE-2006-1078
- cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1078
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1078
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
8.4
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.5
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-16 |
References for CVE-2006-1078
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25216
thttpd command file buffer overflow CVE-2006-1078 Vulnerability Report
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html
[Full-Disclosure] Mailing List Charter
-
http://marc.info/?l=thttpd&m=114153031201867&w=2
'[THTTPD] htpasswd.c security issues.' - MARC
-
http://www.securityfocus.com/bid/16972
-
http://marc.info/?l=thttpd&m=114154083000296&w=2
'Re: [THTTPD] htpasswd.c security issues.' - MARC
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/31236
Apache HTTP Server htpasswd.c strcpy buffer overflow undefined Vulnerability Report
-
http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html
Security Express - Your Ultimate Source for Business, Education, Gaming, Health, Lifestyle, News, Software, and Sports
-
http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html
m-privacy TightGate-Pro Code Execution / Insecure Permissions ≈ Packet Storm
-
http://issues.apache.org/bugzilla/show_bug.cgi?id=31975
31975 – httpd-1.3.33: buffer overflow in htpasswd if called with long arguments
-
http://issues.apache.org/bugzilla/show_bug.cgi?id=41279
41279 – Apache 1.3.37 htpasswd is vulnerable to buffer overflow vulnerability
-
http://www.securityfocus.com/archive/1/426823/100/0/threaded
-
http://seclists.org/bugtraq/2004/Oct/0359.html
Bugtraq: Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
-
http://seclists.org/fulldisclosure/2023/Nov/13
Full Disclosure: SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro
Jump to