Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A problem was discovered in the ht://Dig web indexing and searching
program. Nergal reported a vulnerability in htsearch that allows a
remote user to pass the -c parameter, which selects a specific config
file, to the htsearch program when it runs as a CGI. A malicious user
could point it at a file such as /dev/zero and force the CGI to stall
until it times out. Repeated attacks could result in a denial of
service (DoS). In addition, if the user has write permission on the
server and can create a file with certain entries, they can point the
server to it and retrieve any file readable by the web server UID.

See also :

http://www.nessus.org/u?8db54e57

Solution :

Update the affected htdig, htdig-devel and/or htdig-web packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13896 (mandrake_MDKSA-2001-083.nasl)

Bugtraq ID:

CVE ID: CVE-2001-0834
