Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2001:083: htdig


Vulnerability Assessment Details

MDKSA-2001:083: htdig

Vulnerability Assessment Summary
Check for the version of the htdig package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2001:083 (htdig).


A problem was discovered in the ht://Dig web indexing and searching program.
Nergal reported a vulnerability in htsearch that permits a remote user to pass
the -c parameter, to use a specific config file, to the htsearch program when
running as a CGI. A malicious user could point to a file like /dev/zero and
force the CGI to stall until it times out. Repeated attacks could result in a
DoS. As well, if the user has write permission on the server and can create a
file with certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:083
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

LOT of 100 4GB Sticks DDR3 PC3 Desktop Memory RAM 10600 1333MHz Lot Samsung Dell
$1099.99
LOT of 100 4GB Sticks DDR3 PC3 Desktop Memory RAM 10600 1333MHz Lot Samsung Dell picturePersonalized Picture Phone Cover Case For Samsung iPhone LG HTC Moto iPod
$15.95
Personalized Picture Phone Cover Case For Samsung iPhone LG HTC Moto iPod    picture


Discussions

No Discussions have been posted on this vulnerability.