Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2001:083: htdig

Vulnerability Assessment Details

MDKSA-2001:083: htdig

Vulnerability Assessment Summary
Check for the version of the htdig package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2001:083 (htdig).

A problem was discovered in the ht://Dig web indexing and searching program.
Nergal reported a vulnerability in htsearch that permits a remote user to pass
the -c parameter, to use a specific config file, to the htsearch program when
running as a CGI. A malicious user could point to a file like /dev/zero and
force the CGI to stall until it times out. Repeated attacks could result in a
DoS. As well, if the user has write permission on the server and can create a
file with certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.

Solution :
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

SSG520M-SH JUNIPER Secure Services Gateway Firewall
SSG520M-SH JUNIPER Secure Services Gateway Firewall pictureNEW Fortinet FG-20C FortiGate-20C Firewall
NEW Fortinet FG-20C FortiGate-20C Firewall pictureSonicWall TZ 205w Wireless-N Network Firewall APL22-09E With Power Adapter
SonicWall TZ 205w Wireless-N Network Firewall APL22-09E With Power Adapter pictureJuniper SRX210H UTM Firewall Router
Juniper SRX210H UTM Firewall Router picture


No Discussions have been posted on this vulnerability.