SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Web Server/CGI)  >   Apache mod_digest Vendors:   Apache Software Foundation
Apache mod_digest May Validate Replayed Client Responses
SecurityTracker Alert ID:  1008920
SecurityTracker URL:  http://securitytracker.com/id/1008920
CVE Reference:   CVE-2003-0987   (Links to External Site)
Updated:  Apr 13 2004
Original Entry Date:  Feb 3 2004
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.3.29 and prior versions
Description:   A vulnerability was reported in Apache mod_digest. The software may not correctly validate a client response, allowing a remote user to replay a response to gain access to an ostensibly protected system.

It is reported that mod_digest does not properly verify the nonce of a client response. A remote user may be able to replay a response to be authenticated in certain cases.

The report indicates that a remote user can capture the response from another section of the target web site (or another web site entirely). If the target user's username+password combination is the same and the realm is the same, the remote user can reportedly replay the digest response to be successfully authenticated.

Dirk-Willem van Gulik reported this flaw.

Impact:   A remote user may be able to be authenticated in certain cases.
Solution:   The vendor has released a fixed development version (1.3.31-dev).
Vendor URL:  www.mail-archive.com/dev@httpd.apache.org/msg19007.html (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 13 2004 (Slackware Issues Fix) Apache mod_digest May Validate Replayed Client Responses
Slackware has released a fix.
May 18 2004 (Mandrake Issues Fix) Apache mod_digest May Validate Replayed Client Responses
Mandrake has released a fix.
May 20 2004 (Mandrake Issues Fix for mod_perl) Apache mod_digest May Validate Replayed Client Responses
Mandrake has issued a fix for mod_perl.
May 26 2004 (Gentoo Issues Fix) Apache mod_digest May Validate Replayed Client Responses
Gentoo has released a fix.
Sep 1 2004 (SCO Issues Fix) Apache mod_digest May Validate Replayed Client Responses
SCO has issued a fix for OpenServer 5.0.6 and 5.0.7.
Sep 10 2004 (Sun Issues Fix) Apache mod_digest May Validate Replayed Client Responses
Sun has issued a fix for Solaris 9.
Dec 2 2004 (Apple Issues Fix for OS X) Apache mod_digest May Validate Replayed Client Responses
Apple has issued a fix for Apache on Mac OS X.



 Source Message Contents

Subject:  http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html


http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html

CVE:  CAN-2003-0987


RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1914
diff -u -r1.1914 CHANGES
--- src/CHANGES 14 Dec 2003 18:16:49 -0000      1.1914
+++ src/CHANGES 18 Dec 2003 21:25:56 -0000
@@ -1,5 +1,11 @@
  Changes with Apache 1.3.30

+  *) SECURITY - verification as to wether the nonce returned in the
+     client response is one we issued ourselves by means of a
+     AuthNonce secret exposed as an md5(). See mod_digest documentation
+     for more details. The experimental/mod_auth_digest.c does not
+     have this issue.  [Dirk-Willem van Gulik]
+

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC