漏洞信息详情
ht://Dig远程拒绝服务/文件泄露漏洞
- CNNVD编号:CNNVD-200112-062
- 危害等级: 中危
- CVE编号: CVE-2001-0834
- 漏洞类型: 输入验证
- 发布时间: 2001-12-06
- 威胁类型: 远程
- 更新时间: 2005-09-14
- 厂 商: suse
- 漏洞来源: .');">This vulnerability...
漏洞简介
htdig (ht://Dig) 3.1.5及其更早版本的htsearch CGI程序存在漏洞。远程攻击者可以使用-c选项规格化替换配置文件,该漏洞可以(1)通过规格化超大文件如/dev/zero拒绝服务(CPU消耗),或(2)通过上传规格化目标文件的替换配置文件读取任意文件。
漏洞公告
It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory: 2002-03-12 RHSA-2001:139 Updated htdig packages are available http://rhn.redhat.com/errata/RHSA-2001-139.HTML Upgrades available. ht://Dig Group ht://Dig 3.1.5 -7
- Caldera 3.1 Server htdig-3.1.5-8.i386.rpm ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
- Conectiva 5.0 htdig-3.1.5-2U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/htdig-3.1.5-2U50_1cl.i386 .rpm
- Conectiva 5.1 htdig-3.1.5-2U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/htdig-3.1.5-2U51_1cl.i386 .rpm
- Conectiva 6.0 htdig-3.1.5-5U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/htdig-3.1.5-5U60_1cl.i386 .rpm
- Conectiva 7.0 htdig-3.1.5-10U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/htdig-3.1.5-10U70_1cl.i38 6.rpm
- Debian 2.2 all htdig-doc_3.1.5-2.0potato.1_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/htdig- doc_3.1.5-2.0potato.1_all.deb
- Debian 2.2 alpha htdig_3.1.5-2.0potato.1_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/
- Debian 2.2 arm htdig_3.1.5-2.0potato.1_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/htdig_ 3.1.5-2.0potato.1_arm.deb
- Debian 2.2 i386 htdig_3.1.5-2.0potato.1_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/htdig _3.1.5-2.0potato.1_i386.deb
- Debian 2.2 m68k htdig_3.1.5-2.0potato.1_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/htdig _3.1.5-2.0potato.1_m68k.deb
- Debian 2.2 ppc htdig_3.1.5-2.0potato.1_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/ht dig_3.1.5-2.0potato.1_powerpc.deb
- Debian 2.2 sparc htdig_3.1.5-2.0potato.1_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/
- ht://Dig Group ht://Dig 3.16 http://www.htdig.org/files/snapshots/
- MandrakeSoft 7.2 htdig-3.1.5-6.1mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 8.0 htdig-3.1.5-9.1mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 8.0 ppc htdig-3.1.5-9.1mdk.ppc.rpm http://www.linux-mandrake.com/en/ftp.php3
- SuSE 6.3 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.3/n2/htdig-3.1.5-177.alpha.rp m
- SuSE 6.3 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.3/n2/htdig-3.1.5-304.i386.rp m
- SuSE 6.4 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/htdig-3.1.5-177.alpha.rp m
- SuSE 6.4 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/htdig-3.1.5-304.i386.rp m
- SuSE 6.4 ppc htdig-3.1.5-208.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/htdig-3.1.5-208.ppc.rpm
- SuSE 7.0 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/htdig-3.1.5-177.alpha.rp m
- SuSE 7.0 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/htdig-3.1.5-304.i386.rp m
- SuSE 7.0 ppc htdig-3.1.5-208.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/htdig-3.1.5-208.ppc.rpm
- SuSE 7.0 sparc htdig-3.1.5-212.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/htdig-3.1.5-212.sparc. rpm
- SuSE 7.1 alpha htdig-3.1.5-177.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/htdig-3.1.5-177.alpha.rp m
- SuSE 7.1 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/htdig-3.1.5-304.i386.rp m
- SuSE 7.1 ppc htdig-3.1.5-209.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/htdig-3.1.5-209.ppc.rpm
- SuSE 7.1 sparc htdig-3.1.5-212.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/htdig-3.1.5-212.sparc. rpm
- SuSE 7.2 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/htdig-3.1.5-304.i386.rp m
- SuSE 7.3 i386 htdig-3.1.5-304.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/htdig-3.1.5-304.i386.rp m
- ht://Dig Group ht://Dig 3.2.0b4 http://www.htdig.org/files/snapshots/
- RedHat htdig-3.2.0-1.b4.0.71.alpha.rpmRed Hat 7.1 Alpha. ftp://updates.redhat.com/7.1/en/os/alpha/htdig-3.2.0-1.b4.0.71.alpha.r pm
-
RedHat htdig-3.2.0-1.b4.0.71.i386.rpmRed Hat 7.1 i386.
ftp://updates.redhat.com/7.1/en/os/i386/htdig-
参考网址
来源: DEBIAN 名称: DSA-080 链接:http://www.debian.org/security/2001/dsa-080 来源: BUGTRAQ 名称: 20011007 Re: Bug found in ht://Dig htsearch CGI 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2 来源: CONECTIVA 名称: CLA-2001:429 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 来源: sourceforge.net 链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593 来源: sourceforge.net 链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593 来源: XF 名称: htdig-htsearch-retrieve-files(7263) 链接:http://xforce.iss.net/static/7263.php 来源: XF 名称: htdig-htsearch-infinite-loop(7262) 链接:http://xforce.iss.net/static/7262.php 来源: BID 名称: 3410 链接:http://www.securityfocus.com/bid/3410 来源: REDHAT 名称: RHSA-2001:139 链接:http://www.redhat.com/support/errata/RHSA-2001-139.HTML 来源: SUSE 名称: SuSE-SA:2001:035 链接:http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.HTML 来源: MANDRAKE 名称: MDKSA-2001:083 链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3 来源: CALDERA 名称: CSSA-2001-035.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
受影响实体
- Suse Suse_linux:6.4
- Suse Suse_linux:7.0
- Suse Suse_linux:7.1
- Suse Suse_linux:7.2
- Suse Suse_linux:7.3
补丁
暂无
评论