ht://Dig远程拒绝服务/文件泄露漏洞-一一网

ht://Dig远程拒绝服务/文件泄露漏洞

4年前更新

1580

漏洞信息详情

ht://Dig远程拒绝服务/文件泄露漏洞

CNNVD编号：CNNVD-200112-062

危害等级：中危
CVE编号：
CVE-2001-0834
漏洞类型：

输入验证
发布时间：

2001-12-06
威胁类型：

远程
更新时间：

2005-09-14
厂商：

suse
漏洞来源：
This vulnerability…

漏洞简介

htdig (ht：//Dig) 3.1.5及其更早版本的htsearch CGI程序存在漏洞。远程攻击者可以使用-c选项规格化替换配置文件，该漏洞可以（1）通过规格化超大文件如/dev/zero拒绝服务（CPU消耗），或（2）通过上传规格化目标文件的替换配置文件读取任意文件。

漏洞公告

It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory:
2002-03-12 RHSA-2001:139 Updated htdig packages are available
http://rhn.redhat.com/errata/RHSA-2001-139.html
Upgrades available.
ht://Dig Group ht://Dig 3.1.5 -7

Caldera 3.1 Server htdig-3.1.5-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

ht://Dig Group ht://Dig 3.1.5

Conectiva 5.0 htdig-3.1.5-2U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/htdig-3.1.5-2U50_1cl.i386
.rpm
Conectiva 5.1 htdig-3.1.5-2U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/htdig-3.1.5-2U51_1cl.i386
.rpm
Conectiva 6.0 htdig-3.1.5-5U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/htdig-3.1.5-5U60_1cl.i386
.rpm
Conectiva 7.0 htdig-3.1.5-10U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/htdig-3.1.5-10U70_1cl.i38
6.rpm
Debian 2.2 all htdig-doc_3.1.5-2.0potato.1_all.deb

http://security.debian.org/dists/stable/updates/main/binary-all/htdig-
doc_3.1.5-2.0potato.1_all.deb
Debian 2.2 alpha htdig_3.1.5-2.0potato.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/
Debian 2.2 arm htdig_3.1.5-2.0potato.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/htdig_
3.1.5-2.0potato.1_arm.deb
Debian 2.2 i386 htdig_3.1.5-2.0potato.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/htdig
_3.1.5-2.0potato.1_i386.deb
Debian 2.2 m68k htdig_3.1.5-2.0potato.1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/htdig
_3.1.5-2.0potato.1_m68k.deb
Debian 2.2 ppc htdig_3.1.5-2.0potato.1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/ht
dig_3.1.5-2.0potato.1_powerpc.deb
Debian 2.2 sparc htdig_3.1.5-2.0potato.1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/
ht://Dig Group ht://Dig 3.16

http://www.htdig.org/files/snapshots/
MandrakeSoft 7.2 htdig-3.1.5-6.1mdk.i586.rpm

http://www.linux-mandrake.com/en/ftp.php3
MandrakeSoft 8.0 htdig-3.1.5-9.1mdk.i586.rpm

http://www.linux-mandrake.com/en/ftp.php3
MandrakeSoft 8.0 ppc htdig-3.1.5-9.1mdk.ppc.rpm

http://www.linux-mandrake.com/en/ftp.php3
SuSE 6.3 alpha htdig-3.1.5-177.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n2/htdig-3.1.5-177.alpha.rp
m
SuSE 6.3 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n2/htdig-3.1.5-304.i386.rp
m
SuSE 6.4 alpha htdig-3.1.5-177.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/htdig-3.1.5-177.alpha.rp
m
SuSE 6.4 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/htdig-3.1.5-304.i386.rp
m
SuSE 6.4 ppc htdig-3.1.5-208.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/htdig-3.1.5-208.ppc.rpm
SuSE 7.0 alpha htdig-3.1.5-177.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/htdig-3.1.5-177.alpha.rp
m
SuSE 7.0 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/htdig-3.1.5-304.i386.rp
m
SuSE 7.0 ppc htdig-3.1.5-208.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/htdig-3.1.5-208.ppc.rpm
SuSE 7.0 sparc htdig-3.1.5-212.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/htdig-3.1.5-212.sparc.
rpm
SuSE 7.1 alpha htdig-3.1.5-177.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/htdig-3.1.5-177.alpha.rp
m
SuSE 7.1 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/htdig-3.1.5-304.i386.rp
m
SuSE 7.1 ppc htdig-3.1.5-209.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/htdig-3.1.5-209.ppc.rpm
SuSE 7.1 sparc htdig-3.1.5-212.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/htdig-3.1.5-212.sparc.
rpm
SuSE 7.2 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/htdig-3.1.5-304.i386.rp
m
SuSE 7.3 i386 htdig-3.1.5-304.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/htdig-3.1.5-304.i386.rp
m

ht://Dig Group ht://Dig 3.2 0b3

ht://Dig Group ht://Dig 3.2.0b4

http://www.htdig.org/files/snapshots/
RedHat htdig-3.2.0-1.b4.0.71.alpha.rpmRed Hat 7.1 Alpha.
ftp://updates.redhat.com/7.1/en/os/alpha/htdig-3.2.0-1.b4.0.71.alpha.r
pm
RedHat htdig-3.2.0-1.b4.0.71.i386.rpmRed Hat 7.1 i386.
ftp://updates.redhat.com/7.1/en/os/i386/htdig-

参考网址

来源: DEBIAN
名称: DSA-080
链接:http://www.debian.org/security/2001/dsa-080

来源: BUGTRAQ
名称: 20011007 Re: Bug found in ht://Dig htsearch CGI
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2

来源: CONECTIVA
名称: CLA-2001:429
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429

来源: sourceforge.net
链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

来源: sourceforge.net
链接:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

来源: XF
名称: htdig-htsearch-retrieve-files(7263)
链接:http://xforce.iss.net/static/7263.php

来源: XF
名称: htdig-htsearch-infinite-loop(7262)
链接:http://xforce.iss.net/static/7262.php

来源: BID
名称: 3410
链接:http://www.securityfocus.com/bid/3410

来源: REDHAT
名称: RHSA-2001:139
链接:http://www.redhat.com/support/errata/RHSA-2001-139.html

来源: SUSE
名称: SuSE-SA:2001:035
链接:http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html

来源: MANDRAKE
名称: MDKSA-2001:083
链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3

来源: CALDERA
名称: CSSA-2001-035.0
链接:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt

受影响实体

Suse Suse_linux:6.4
Suse Suse_linux:7.0
Suse Suse_linux:7.1
Suse Suse_linux:7.2
Suse Suse_linux:7.3

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐