CVE-2002-1233

NameCVE-2002-1233
DescriptionA regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-187, DSA-188, DSA-195

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesourcewoody1.3.26-0woodyDSA-187
apachesource(unstable)1.3.27-1
apache-perlsourcewoody1.3.26-1-1.26-0woody2DSA-195
apache-perlsource(unstable)1.3.26-1.1-1.27-3-1
apache-sslsourcewoody1.3.26.1+1.48-0woody3DSA-188

Search for package or bug name: Reporting problems