MDKSA-2001:083
- Package name: htdig
- Date: 2001-11-01
- Advisory ID: MDKSA-2001:083
- Affected versions: 8.1 i586, 8.0 i586, 7.2 i586, 8.0 i586
Problem description
A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch: when it runs as a CGI, a remote user can pass it the -c parameter, which selects a specific config file. A malicious user could point it at a file like /dev/zero and force the CGI to stall until it times out; repeated attacks could result in a DoS. In addition, if the user has write permission on the server and can create a file with certain entries, they can point the server to it and retrieve any file readable by the webserver UID.
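As an added example (not part of the advisory or of the ht://Dig code), the following Python script scans web server access logs for htsearch requests that would hand -c to the CGI on its command line. It assumes Common Log Format and a server that builds CGI arguments from query strings without an unencoded "=" as described in RFC 3875 section 4.4; the log lines and the names cgi_argv and suspicious_requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Nov/2001:10:00:01 +0000] "GET /cgi-bin/htsearch?words=linux&config=htdig HTTP/1.0" 200 5120
192.0.2.44 - - [01/Nov/2001:10:00:07 +0000] "GET /cgi-bin/htsearch?-c/dev/zero HTTP/1.0" 500 0
192.0.2.44 - - [01/Nov/2001:10:00:09 +0000] "GET /cgi-bin/htsearch?%2Dc+/tmp/x.conf HTTP/1.0" 200 812
192.0.2.77 - - [01/Nov/2001:10:00:12 +0000] "GET /cgi-bin/htsearch?words=-c+compiler HTTP/1.0" 200 4300
192.0.2.80 - - [01/Nov/2001:10:00:15 +0000] "GET /index.html?-c HTTP/1.0" 200 100
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

def cgi_argv(query):
    """Arguments a CGI server derives from a query string (RFC 3875, 4.4).
    A query containing an unencoded '=' is never turned into arguments."""
    if not query or "=" in query:
        return []
    return [unquote(word) for word in query.split("+")]

def suspicious_requests(log_text, script="htsearch"):
    """Return (client, config_path) for requests that would hand -c to the script."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        if path.rsplit("/", 1)[-1] != script:
            continue
        args = cgi_argv(query)
        for i, arg in enumerate(args):
            if arg.startswith("-c"):
                # The path is either glued to the flag or the next argument.
                cfg = arg[2:] or (args[i + 1] if i + 1 < len(args) else "")
                hits.append((client, cfg))
                break
    return hits

if __name__ == "__main__":
    for client, cfg in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested htsearch with -c {cfg!r}")
```

Ordinary searches such as `words=-c+compiler` are not flagged, because a query string containing "=" is treated as form data rather than as command-line arguments.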
Updated packages
8.1 i586
4416ba76bc1bc8fe21aaa278d600fd00 8.1/RPMS/htdig-3.2.0-0.5mdk.i586.rpm
6ba81746cf6b915e66fa11d05bff70f9 8.1/RPMS/htdig-devel-3.2.0-0.5mdk.i586.rpm
09e82bd967c00e553541f8ce424b53e9 8.1/RPMS/htdig-web-3.2.0-0.5mdk.i586.rpm
e1893fed436193ee26b60aea46ecc5e4 8.1/SRPMS/htdig-3.2.0-0.5mdk.src.rpm
8.0 i586
3ea0880ab82a79e0dff84b8eb8802066 8.0/RPMS/htdig-3.1.5-9.1mdk.i586.rpm
5b14977038008263d9fa1e692664b2ed 8.0/SRPMS/htdig-3.1.5-9.1mdk.src.rpm
7.2 i586
bd0aebf9736ffffc8e94890310de7fae 7.2/RPMS/htdig-3.1.5-6.1mdk.i586.rpm
6a84ee0f0dda0b523af2b360fb190919 7.2/SRPMS/htdig-3.1.5-6.1mdk.src.rpm
8.0 i586
a045ff01add5eebe015947b69c1b759d ppc/8.0/RPMS/htdig-3.1.5-9.1mdk.ppc.rpm
5b14977038008263d9fa1e692664b2ed ppc/8.0/SRPMS/htdig-3.1.5-9.1mdk.src.rpm
