[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility
bugzilla at redhat.com
bugzilla at redhat.com
Fri May 26 15:29:49 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: multiple vulnerabilities in thttpds htpasswd utility
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095
------- Additional Comments From tibbs at math.uh.edu 2006-05-26 11:22 EST -------
I did some comparisons but the htpasswd.c in thttpd is so old that it doesn't
resemble any of the code in the Apache versions I have around.
There's one comment in the thttpd htpasswd.c that concerns me:
/* Modified 29aug97 by Jef Poskanzer to accept new password on stdin,
** if stdin is a pipe or file. This is necessary for use from CGI.
I don't know that the Apache htpasswd.c supports this; if not, it would have to
be hacked back in.
I'll attach the current Apache htpasswd.c.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list