Lucene search
SuseSUSE-SA:2001:035HistoryOct 24, 2001 - 10:18 a.m.
local privilege escalation, remote DoS in htdig
2001-10-2410:18:14
lists.opensuse.org
15
0.016 Low
EPSS
Percentile
85.8%
ht://Dig is a powerfull indexing and information gathering tool for the web. ht://Dig’s search engine htsearch could be run by a http server as CGI program or standalone as commandline tool. Due to insufficient checking of the running environment it is possible to use commandline options via CGI. An remote attacker could use the -c option to specify /dev/zero as an alternate config file to causes a denial of service for some minutes. To read files with the privilege of the http server by abusing the -c option an attacker needs write access to the server running htsearch.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.0 | i386 | htdig | < 3.1.5-304 | htdig-3.1.5-304.i386.rpm |
| openSUSE | 6.4 | ppc | htdig | < 3.1.5-208 | htdig-3.1.5-208.ppc.rpm |
| openSUSE | 7.0 | sparc | htdig | < 3.1.5-212 | htdig-3.1.5-212.sparc.rpm |
| openSUSE | 7.1 | alpha | htdig | < 3.1.5-177 | htdig-3.1.5-177.alpha.rpm |
| openSUSE | 6.3 | alpha | htdig | < 3.1.5-177 | htdig-3.1.5-177.alpha.rpm |
| openSUSE | 7.2 | i386 | htdig | < 3.1.5-304 | htdig-3.1.5-304.i386.rpm |
| openSUSE | 6.4 | alpha | htdig | < 3.1.5-177 | htdig-3.1.5-177.alpha.rpm |
| openSUSE | 7.1 | ppc | htdig | < 3.1.5-209 | htdig-3.1.5-209.ppc.rpm |
| openSUSE | 6.4 | i386 | htdig | < 3.1.5-304 | htdig-3.1.5-304.i386.rpm |
| openSUSE | 7.0 | ppc | htdig | < 3.1.5-208 | htdig-3.1.5-208.ppc.rpm |
Related
nessus
nessus
ht://Dig htsearch Multiple Vulnerabilities
2001-10-17 00:00:00
Debian DSA-080-1 : htdig - unauthorized gathering of data
2004-09-29 00:00:00
Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)
2004-07-31 00:00:00
cve
cve
CVE-2001-0834
2001-12-06 05:00:00
openvas
openvas
Debian Security Advisory DSA 080-1 (htdig)
2008-01-17 00:00:00
Debian Security Advisory DSA 080-1 (htdig)
2008-01-17 00:00:00