CVE-2002-1233

NameCVE-2002-1233
DescriptionA regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-187, DSA-188, DSA-195
NVD severitylow (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)1.3.27-1low
apachesourcewoody1.3.26-0woodylowDSA-187
apache-perlsource(unstable)1.3.26-1.1-1.27-3-1low
apache-perlsourcewoody1.3.26-1-1.26-0woody2lowDSA-195
apache-sslsourcewoody1.3.26.1+1.48-0woody3lowDSA-188

Search for package or bug name: Reporting problems