This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A problem was discovered in the ht://Dig web indexing and searching
program. Nergal reported a vulnerability in htsearch that allows a
remote user to pass the -c parameter, which selects a specific config
file, to the htsearch program when it runs as a CGI. A malicious user could
point to a file like /dev/zero and force the CGI to stall until it
times out. Repeated attacks could result in a DoS. As well, if the
user has write permission on the server and can create a file with
certain entries, they can point the server to it and retrieve any file
readable by the webserver UID.
Update the affected htdig, htdig-devel and / or htdig-web packages.
Risk factor :
Medium / CVSS Base Score : 6.4
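
One way to look for the -c config override described above in web server access logs, as an added example that is not part of the original plugin or advisory. It assumes the option reaches htsearch through the CGI rule that a query string with no unencoded '=' is split on '+' into command-line words (RFC 3875 section 4.4); the log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for illustration, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /cgi-bin/htsearch?words=linux&config=htdig HTTP/1.0" 200 5120
192.0.2.77 - - [01/Jan/2002:10:00:05 +0000] "GET /cgi-bin/htsearch?-c/dev/zero HTTP/1.0" 500 0
192.0.2.77 - - [01/Jan/2002:10:00:09 +0000] "GET /cgi-bin/htsearch?%2Dc+/tmp/upload.conf HTTP/1.0" 200 812
192.0.2.10 - - [01/Jan/2002:10:01:00 +0000] "GET /index.html?-c HTTP/1.0" 200 1024
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def config_override(target):
    """Return the config path a request hands to htsearch via -c, else None."""
    path, sep, query = target.partition("?")
    if not sep or unquote(path).rsplit("/", 1)[-1] != "htsearch":
        return None
    # Assumption (RFC 3875 section 4.4): only a query string with no
    # unencoded '=' is split on '+' and passed as command-line words.
    if "=" in query:
        return None
    words = [unquote(w) for w in query.split("+")]
    for i, word in enumerate(words):
        if word.startswith("-c"):
            if len(word) > 2:          # attached form: -c<path>
                return word[2:]
            # separate form: -c <path>; empty string if nothing follows
            return words[i + 1] if i + 1 < len(words) else ""
    return None


def scan(log_text):
    """Return (client, config_path) for every request that overrides the config."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        cfg = config_override(m.group(2))
        if cfg is not None:
            hits.append((m.group(1), cfg))
    return hits


if __name__ == "__main__":
    for client, cfg in scan(SAMPLE_LOG):
        print(f"{client} asked htsearch to load config {cfg!r}")
```

Ordinary searches use name=value form fields and are ignored, so any hit is a request that tried to choose the config file itself.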