CVE-2001-0834
CVSS 6.4
Published: 2001-12-06 00:00:00
Last revised: 2016-10-17 22:12:10

[Original] htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.


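[CNNVD] ht://Dig remote denial of service / file disclosure vulnerability (CNNVD-200112-062)

        The htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier contains a vulnerability. Remote attackers can use the -c option to specify an alternate configuration file, which can be used to (1) cause a denial of service (CPU consumption) by specifying a very large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.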

- CVSS (base score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:suse:suse_linux:7.0  SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:6.3  SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:7.2  SuSE SuSE Linux 7.2
cpe:/o:conectiva:linux:5.0  Conectiva Conectiva Linux 5.0
cpe:/o:suse:suse_linux:7.1  SuSE SuSE Linux 7.1
cpe:/o:debian:debian_linux:2.2  Debian Debian Linux 2.2
cpe:/o:conectiva:linux:7.0  Conectiva Conectiva Linux 7.0
cpe:/a:htdig:htdig:3.1.5
cpe:/o:conectiva:linux:5.1  Conectiva Conectiva Linux 5.1
cpe:/o:conectiva:linux:6.0  Conectiva Conectiva Linux 6.0
cpe:/o:suse:suse_linux:6.4  SuSE SuSE Linux 6.4
cpe:/o:suse:suse_linux:7.3  SuSE SuSE Linux 7.3

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0834
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0834
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-062
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
(VENDOR_ADVISORY)  CONECTIVA  CLA-2001:429
http://marc.info/?l=bugtraq&m=100260195401753&w=2
(UNKNOWN)  BUGTRAQ  20011007 Re: Bug found in ht://Dig htsearch CGI
http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
(UNKNOWN)  MISC  http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
(UNKNOWN)  CALDERA  CSSA-2001-035.0
http://www.debian.org/security/2001/dsa-080
(VENDOR_ADVISORY)  DEBIAN  DSA-080
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
(UNKNOWN)  MANDRAKE  MDKSA-2001:083
http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html
(UNKNOWN)  SUSE  SuSE-SA:2001:035
http://www.redhat.com/support/errata/RHSA-2001-139.html
(UNKNOWN)  REDHAT  RHSA-2001:139
http://www.securityfocus.com/bid/3410
(UNKNOWN)  BID  3410
http://xforce.iss.net/static/7262.php
(UNKNOWN)  XF  htdig-htsearch-infinite-loop(7262)
http://xforce.iss.net/static/7263.php
(UNKNOWN)  XF  htdig-htsearch-retrieve-files(7263)

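- Vulnerability information

ht://Dig remote denial of service / file disclosure vulnerability
Medium severity  Input validation
2001-12-06 00:00:00 2005-09-14 00:00:00
Remote
        The htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier contains a vulnerability. Remote attackers can use the -c option to specify an alternate configuration file, which can be used to (1) cause a denial of service (CPU consumption) by specifying a very large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

- Advisories and patches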

        It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory:
        2002-03-12 RHSA-2001:139 Updated htdig packages are available
        http://rhn.redhat.com/errata/RHSA-2001-139.html
        Upgrades available.
        ht://Dig Group ht://Dig 3.1.5 -7
        
        ht://Dig Group ht://Dig 3.1.5
        
        ht://Dig Group ht://Dig 3.2 0b3
        

- Vulnerability information

654
ht://Dig (htdig) htsearch.cgi -c Parameter DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

ht://Dig contains a flaw that may allow a remote denial of service. The issue is triggered by passing a -c parameter to the 'htsearch.cgi' script that specifies a file such as /dev/zero, which causes the script to enter an infinite loop and results in loss of availability for the application.

- Timeline

2001-09-03 Unknown
2001-09-03 Unknown

- Solution

Upgrade to version 3.1.6 (stable) or 3.2.0b4 (development) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
