CVE-2002-1233

Name of the Vulnerable Software and Affected Versions: apache-ssl versions 1.3.9 and earlier on Debian 2.2 apache-ssl versions 1.3.26 and earlier on Debian 3.0 Apache versions 1.3.27 and earlier

Description: A regression error in the apache-ssl package allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs htpasswd or htdigest. This issue is a re-introduction of a previously identified vulnerability.

Recommendations: For apache-ssl versions 1.3.9 and earlier on Debian 2.2, update to version 1.3.9 or later. For apache-ssl versions 1.3.26 and earlier on Debian 3.0, update to version 1.3.26 or later. For Apache versions 1.3.27 and earlier, update to a version later than 1.3.27.