Package name
Advisory ID
Affected versions
8.1 i586 , 8.0 i586 , 7.2 i586 , 8.0 i586

Problem description

A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch: when run as a CGI, the program accepts the -c parameter (which selects a specific configuration file) from a remote user. A malicious user could point it at a file such as /dev/zero and force the CGI to stall until it times out; repeated requests could result in a denial of service (DoS). In addition, a user who has write permission on the server and can create a file with certain entries can point htsearch at that file and retrieve any file readable by the web server UID.
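As an added illustration from the detection side (not part of the advisory), the check below scans web server access log lines for requests to the htsearch CGI whose query string carries the -c option. The log lines are constructed, and the assumed encodings of the option in the query string ("-c/path", "-c /path", "-c=/path") are an assumption, since the advisory does not state the exact request form.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache-style access log lines; not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2002:10:01:02 +0000] "GET /cgi-bin/htsearch?words=kernel&config=htdig HTTP/1.0" 200 2311
10.0.0.9 - - [10/Jan/2002:10:01:07 +0000] "GET /cgi-bin/htsearch?-c%2Fdev%2Fzero HTTP/1.0" 200 0
10.0.0.9 - - [10/Jan/2002:10:01:09 +0000] "GET /cgi-bin/htsearch?words=foo&-c=%2Ftmp%2Fevil.conf HTTP/1.0" 200 120
10.0.0.7 - - [10/Jan/2002:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 512
"""

# Combined/common log format: client IP, timestamp, request line, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed forms of the -c option inside the decoded query string:
# a bare token "-c/path", a spaced "-c /path", or a parameter "-c=/path".
# The option must sit at the start or after '&' or whitespace, and its
# value must be non-empty, so a phrase search such as "foo -cat" is ignored.
DASH_C_RE = re.compile(r'(?:^|[&\s])-c(?:=|\s+|(?=/))(?P<cfg>[^&\s]+)')


def htsearch_config_overrides(log_text):
    """Return one record per request that passes -c to the htsearch CGI."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access log line
        path, _, query = m.group('target').partition('?')
        if not path.endswith('/htsearch'):
            continue  # only the vulnerable CGI is of interest
        decoded = unquote_plus(query)  # undo %2F and '+' encoding first
        c = DASH_C_RE.search(decoded)
        if c:
            hits.append({'ip': m.group('ip'),
                         'time': m.group('ts'),
                         'config': c.group('cfg')})
    return hits


if __name__ == '__main__':
    for hit in htsearch_config_overrides(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} htsearch -c override -> {hit['config']}")
```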

Updated packages

8.1 i586

4416ba76bc1bc8fe21aaa278d600fd00  8.1/RPMS/htdig-3.2.0-0.5mdk.i586.rpm
6ba81746cf6b915e66fa11d05bff70f9  8.1/RPMS/htdig-devel-3.2.0-0.5mdk.i586.rpm
09e82bd967c00e553541f8ce424b53e9  8.1/RPMS/htdig-web-3.2.0-0.5mdk.i586.rpm
e1893fed436193ee26b60aea46ecc5e4  8.1/SRPMS/htdig-3.2.0-0.5mdk.src.rpm

8.0 i586

3ea0880ab82a79e0dff84b8eb8802066  8.0/RPMS/htdig-3.1.5-9.1mdk.i586.rpm
5b14977038008263d9fa1e692664b2ed  8.0/SRPMS/htdig-3.1.5-9.1mdk.src.rpm

7.2 i586

bd0aebf9736ffffc8e94890310de7fae  7.2/RPMS/htdig-3.1.5-6.1mdk.i586.rpm
6a84ee0f0dda0b523af2b360fb190919  7.2/SRPMS/htdig-3.1.5-6.1mdk.src.rpm

8.0 i586

a045ff01add5eebe015947b69c1b759d  ppc/8.0/RPMS/htdig-3.1.5-9.1mdk.ppc.rpm
5b14977038008263d9fa1e692664b2ed  ppc/8.0/SRPMS/htdig-3.1.5-9.1mdk.src.rpm