漏洞信息详情

ht://Dig远程拒绝服务/文件泄露漏洞

• CNNVD编号：CNNVD-200112-062
• 危害等级： 中危
  
• CVE编号： CVE-2001-0834
• 漏洞类型： 输入验证
• 发布时间： 2001-12-06
• 威胁类型： 远程
• 更新时间： 2005-09-14
• 厂        商： suse
• 漏洞来源： .');">This vulnerability...

漏洞简介

htdig (ht：//Dig) 3.1.5及其更早版本的htsearch CGI程序存在漏洞。远程攻击者可以使用-c选项规格化替换配置文件，该漏洞可以（1）通过规格化超大文件如/dev/zero拒绝服务（CPU消耗），或（2）通过上传规格化目标文件的替换配置文件读取任意文件。

漏洞公告

It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory: 2002-03-12 RHSA-2001:139 Updated htdig packages are available http://rhn.redhat.com/errata/RHSA-2001-139.HTML Upgrades available. ht://Dig Group ht://Dig 3.1.5 -7

• Caldera 3.1 Server htdig-3.1.5-8.i386.rpm ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

• Conectiva 5.0 htdig-3.1.5-2U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/htdig-3.1.5-2U50_1cl.i386 .rpm
• Conectiva 5.1 htdig-3.1.5-2U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/htdig-3.1.5-2U51_1cl.i386 .rpm
• Conectiva 6.0 htdig-3.1.5-5U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/htdig-3.1.5-5U60_1cl.i386 .rpm
• Conectiva 7.0 htdig-3.1.5-10U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/htdig-3.1.5-10U70_1cl.i38 6.rpm
• Debian 2.2 all htdig-doc_3.1.5-2.0potato.1_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/htdig- doc_3.1.5-2.0potato.1_all.deb
• Debian 2.2 alpha htdig_3.1.5-2.0potato.1_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/
• Debian 2.2 arm htdig_3.1.5-2.0potato.1_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/htdig_ 3.1.5-2.0potato.1_arm.deb
• Debian 2.2 i386 htdig_3.1.5-2.0potato.1_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/htdig _3.1.5-2.0potato.1_i386.deb
• Debian 2.2 m68k htdig_3.1.5-2.0potato.1_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/htdig _3.1.5-2.0potato.1_m68k.deb
• Debian 2.2 ppc htdig_3.1.5-2.0potato.1_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/ht dig_3.1.5-2.0potato.1_powerpc.deb
• Debian 2.2 sparc htdig_3.1.5-2.0potato.1_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/
• ht://Dig Group ht://Dig 3.16 http://www.htdig.org/files/snapshots/
• MandrakeSoft 7.2 htdig-3.1.5-6.1mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
• MandrakeSoft 8.0 htdig-3.1.5-9.1mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
• MandrakeSoft 8.0 ppc htdig-3.1.5-9.1mdk.ppc.rpm http://www.linux-mandrake.com/en/ftp.php3
• SuSE 6.3 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.3/n2/htdig-3.1.5-177.alpha.rp m
• SuSE 6.3 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.3/n2/htdig-3.1.5-304.i386.rp m
• SuSE 6.4 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/htdig-3.1.5-177.alpha.rp m
• SuSE 6.4 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/htdig-3.1.5-304.i386.rp m
• SuSE 6.4 ppc htdig-3.1.5-208.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/htdig-3.1.5-208.ppc.rpm
• SuSE 7.0 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/htdig-3.1.5-177.alpha.rp m
• SuSE 7.0 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/htdig-3.1.5-304.i386.rp m
• SuSE 7.0 ppc htdig-3.1.5-208.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/htdig-3.1.5-208.ppc.rpm
• SuSE 7.0 sparc htdig-3.1.5-212.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/htdig-3.1.5-212.sparc. rpm
• SuSE 7.1 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/htdig-3.1.5-177.alpha.rp m
• SuSE 7.1 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/htdig-3.1.5-304.i386.rp m
• SuSE 7.1 ppc htdig-3.1.5-209.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/htdig-3.1.5-209.ppc.rpm
• SuSE 7.1 sparc htdig-3.1.5-212.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/htdig-3.1.5-212.sparc. rpm
• SuSE 7.2 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/htdig-3.1.5-304.i386.rp m
• SuSE 7.3 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/htdig-3.1.5-304.i386.rp m

• ht://Dig Group ht://Dig 3.2.0b4 http://www.htdig.org/files/snapshots/
• RedHat htdig-3.2.0-1.b4.0.71.alpha.rpmRed Hat 7.1 Alpha. ftp://updates.redhat.com/7.1/en/os/alpha/htdig-3.2.0-1.b4.0.71.alpha.r pm
• RedHat htdig-3.2.0-1.b4.0.71.i386.rpmRed Hat 7.1 i386. ftp://updates.redhat.com/7.1/en/os/i386/htdig-

参考网址

来源: DEBIAN 名称: DSA-080 链接:http://www.debian.org/security/2001/dsa-080 来源: BUGTRAQ 名称: 20011007 Re: Bug found in ht://Dig htsearch CGI 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2 来源: CONECTIVA 名称: CLA-2001:429 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 来源: sourceforge.net 链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593 来源: sourceforge.net 链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593 来源: XF 名称: htdig-htsearch-retrieve-files(7263) 链接:http://xforce.iss.net/static/7263.php 来源: XF 名称: htdig-htsearch-infinite-loop(7262) 链接:http://xforce.iss.net/static/7262.php 来源: BID 名称: 3410 链接:http://www.securityfocus.com/bid/3410 来源: REDHAT 名称: RHSA-2001:139 链接:http://www.redhat.com/support/errata/RHSA-2001-139.HTML 来源: SUSE 名称: SuSE-SA:2001:035 链接:http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.HTML 来源: MANDRAKE 名称: MDKSA-2001:083 链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3 来源: CALDERA 名称: CSSA-2001-035.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt

受影响实体

• Suse Suse_linux:6.4  
• Suse Suse_linux:7.0  
• Suse Suse_linux:7.1  
• Suse Suse_linux:7.2  
• Suse Suse_linux:7.3  

补丁

暂无