Date: Fri, 18 Jul 2014 21:51:22 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: bozohttpd: basic http authentication bypass Hi Can a CVE be assigned for the following bozohttpd basic http authetication bypass vulnerability? It was fixed in bozohttpd version 20140708. Quoting NetBSD advisory: > Abstract > ======== > > When checking for restricted access via .htpasswd files, bozohttpd > fails to properly check for truncation, allowing specially crafted > requests to bypass access control without a password. Files of > length 10 or more are not affected. > > > Technical Details > ================= > > A call to snprintf() was not properly checking for truncation of > a provided user path, allowing a later concatenation of the > ".htpasswd" file name to exceed the maximum pathname length. This > stops the check for .htpasswd file from working correctly, bypassing > the basic HTTP authentication scheme. Files with names longer than > ".htpasswd" are not visible as they require at least enough for a > valid path to be available.  http://mail-index.netbsd.org/current-users/2014/07/17/msg025287.html  https://bugs.debian.org/755197 Thanks in advance, Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ