Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0834

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2001-0834
Last Modified 07 Mar 2011 09:05:55
Published 06 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0834

Summary

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Vulnerable Systems

Operating System

  • Conectiva Linux 5.0

  • Conectiva Linux 5.1

  • Conectiva Linux 6.0

  • Conectiva Linux 7.0

  • Debian Linux 2.2

  • Suse Linux 6.3

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Suse Linux 7.1

  • Suse Linux 7.2

  • Suse Linux 7.3

Application

  • Htdig 3.1.5


References

DEBIAN - DSA-080

BUGTRAQ - 20011007 Re: Bug found in ht://Dig htsearch CGI

CONECTIVA - CLA-2001:429

MISC - http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

XF - htdig-htsearch-retrieve-files(7263)

XF - htdig-htsearch-infinite-loop(7262)

BID - 3410

REDHAT - RHSA-2001:139

SUSE - SuSE-SA:2001:035

MANDRAKE - MDKSA-2001:083

CALDERA - CSSA-2001-035.0


Last Updated: 27 May 2016 10:36:24