First published: Thu Dec 06 2001(Updated: )
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Htdig Htdig | <=3.1.5 | |
Conectiva Linux | =6.0 | |
Conectiva Linux | =5.1 | |
Conectiva Linux | =7.0 | |
Conectiva Linux | =5.0 | |
Debian Debian Linux | =2.2 | |
Suse Suse Linux | =7.2 | |
Suse Suse Linux | =7.0 | |
Suse Suse Linux | =7.1 | |
Suse Suse Linux | =6.3 | |
Suse Suse Linux | =6.4 | |
Suse Suse Linux | =7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.