Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2001:083: htdig


Vulnerability Assessment Details

MDKSA-2001:083: htdig

Vulnerability Assessment Summary
Check for the version of the htdig package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2001:083 (htdig).


A problem was discovered in the ht://Dig web indexing and searching program.
Nergal reported a vulnerability in htsearch that permits a remote user to pass
the -c parameter, to use a specific config file, to the htsearch program when
running as a CGI. A malicious user could point to a file like /dev/zero and
force the CGI to stall until it times out. Repeated attacks could result in a
DoS. As well, if the user has write permission on the server and can create a
file with certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:083
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Hynix 2GB 1Rx8 PC3-10600S-9-11-B2 Memory Stick x2 (DUAL)
$4.7
Hynix 2GB 1Rx8 PC3-10600S-9-11-B2 Memory Stick x2 (DUAL) pictureASUS K8S-LA ATX Desktop Motherboard, Socket 754 w/ IO Shield, CPU, and Memory
$32.0
ASUS K8S-LA ATX Desktop Motherboard, Socket 754 w/ IO Shield, CPU, and Memory picture TESTED Elpida 8GB Laptop Memory RAM PC3L-12800s DDR3 1600MHz EBJ81UG8EFU0-GN-F
$23.0
 TESTED Elpida 8GB Laptop Memory RAM PC3L-12800s DDR3 1600MHz EBJ81UG8EFU0-GN-F picture


Discussions

No Discussions have been posted on this vulnerability.