Published: 2001-12-06 00:00:00
Revised: 2016-10-17 22:12:10

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:conectiva:linux:7.0 Conectiva Conectiva Linux 7.0
cpe:/o:conectiva:linux:5.1 Conectiva Conectiva Linux 5.1
cpe:/o:conectiva:linux:6.0 Conectiva Conectiva Linux 6.0
cpe:/o:suse:suse_linux:7.1 SuSE SuSE Linux 7.1
cpe:/o:conectiva:linux:5.0 Conectiva Conectiva Linux 5.0
cpe:/o:suse:suse_linux:6.3 SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:7.2 SuSE SuSE Linux 7.2
cpe:/o:suse:suse_linux:7.0 SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:6.4 SuSE SuSE Linux 6.4
cpe:/o:suse:suse_linux:7.3 SuSE SuSE Linux 7.3
cpe:/o:debian:debian_linux:2.2 Debian Debian Linux 2.2

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20011007 Re: Bug found in ht://Dig htsearch CGI
(UNKNOWN)  SUSE  SuSE-SA:2001:035
(UNKNOWN)  BID  3410
(UNKNOWN)  XF  htdig-htsearch-infinite-loop(7262)
(UNKNOWN)  XF  htdig-htsearch-retrieve-files(7263)

- Vulnerability Information

Medium risk  Input validation
2001-12-06 00:00:00 2005-09-14 00:00:00
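        The htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier contains a vulnerability. Remote attackers can use the -c option to specify an alternate configuration file, which can be used to (1) cause a denial of service (CPU consumption) by specifying a very large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.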

- Advisories and Patches

        It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory:
        2002-03-12 RHSA-2001:139 Updated htdig packages are available
        Upgrades available.
        ht://Dig Group ht://Dig 3.1.5 -7
        ht://Dig Group ht://Dig 3.1.5
        ht://Dig Group ht://Dig 3.2 0b3

- Vulnerability Information

ht://Dig (htdig) htsearch.cgi -c Parameter DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

ht://Dig contains a flaw that may allow a remote denial of service. The issue is triggered by passing a -c parameter to the 'htsearch.cgi' script that specifies a file such as /dev/zero, which causes the script to enter an infinite loop and results in loss of availability for the application.

- Timeline

2001-09-03 Unknown
2001-09-03 Unknown

- Solution

Upgrade to version 3.1.6 (stable) or 3.2.0b4 (development) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author