Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2001:083: htdig

Vulnerability Assessment Details

MDKSA-2001:083: htdig

Vulnerability Assessment Summary
Check for the version of the htdig package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2001:083 (htdig).

A problem was discovered in the ht://Dig web indexing and searching program.
Nergal reported a vulnerability in htsearch that permits a remote user to pass
the -c parameter, to use a specific config file, to the htsearch program when
running as a CGI. A malicious user could point to a file like /dev/zero and
force the CGI to stall until it times out. Repeated attacks could result in a
DoS. As well, if the user has write permission on the server and can create a
file with certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.

Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:083
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors