Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2001:083: htdig


Vulnerability Assessment Details

MDKSA-2001:083: htdig

Vulnerability Assessment Summary
Check for the version of the htdig package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2001:083 (htdig).


A problem was discovered in the ht://Dig web indexing and searching program.
Nergal reported a vulnerability in htsearch that permits a remote user to pass
the -c parameter, to use a specific config file, to the htsearch program when
running as a CGI. A malicious user could point to a file like /dev/zero and
force the CGI to stall until it times out. Repeated attacks could result in a
DoS. As well, if the user has write permission on the server and can create a
file with certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:083
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Intel BX80662G4400 Pentium Processor G4400 3.3 GHz FCLGA1151
$65.99
Intel BX80662G4400 Pentium Processor G4400 3.3 GHz FCLGA1151 pictureIntel Core i7-920 2.66GHz Quad-Core Processor
$34.99
Intel Core i7-920 2.66GHz Quad-Core Processor pictureFACTORY SEALED Allen Bradley 1756-L61 Series B ControlLogix Processor
$1195.0
FACTORY SEALED Allen Bradley 1756-L61 Series B ControlLogix Processor  picture Intel Core i3-7100 3.9 GHz Dual-Core BX80677I37100 Kaby Lake CPU Processor
$59.99
 Intel Core i3-7100 3.9 GHz Dual-Core BX80677I37100 Kaby Lake CPU Processor  picture


Discussions

No Discussions have been posted on this vulnerability.