Test ID:	1.3.6.1.4.1.25623.1.0.52677
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-120-1 (apache2)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to apache2 announced via advisory USN-120-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: apache2-utils Details follow: Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script. Solution: The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-120-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 13537 Common Vulnerability Exposure (CVE) ID: CVE-2005-1344 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://www.securityfocus.com/bid/13537 http://www.lucaercoli.it/advs/htdigest.txt http://www.securiteam.com/unixfocus/5EP061FEKC.html http://www.osvdb.org/12848
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.