Debian Security Advisory DSA 080-1 (htdig)

# OpenVAS Vulnerability Test
# $Id: deb_080_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 080-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Nergal reported a vulnerability in the htsearch program which is
distributed as part of the ht://Dig package, a indexing and searching
system for small domains or intranets.  Using former versions it was
able to pass the parameter `-c' to the cgi program in order to use a
different configuration file.

A malicious user could point htsearch to a file like `/dev/zero' and
let the server run in an endless loop, trying to read config
parameters.  If the user has write permission on the server he can
point the program to it and retrive any file readable by the webserver
user id.

This problem has been fixed in version of 3.1.5-2.1 for Debian
GNU/Linux 2.2.

We recommend that you upgrade your htdig package immediately.";
tag_summary = "The remote host is missing an update to htdig
announced via advisory DSA 080-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20080-1";

if(description)
{
 script_id(53571);
 script_cve_id("CVE-2001-0834");
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
 script_tag(name:"cvss_base", value:"6.4");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:P");
 script_name("Debian Security Advisory DSA 080-1 (htdig)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"htdig-doc", ver:"3.1.5-2.0potato.1", rls:"DEB2.2")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"htdig", ver:"3.1.5-2.0potato.1", rls:"DEB2.2")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}