ISS X-Force Database: htdig-htsearch-retrieve-files(7263): ht://dig htsearch.cgi allows a remote attacker to retrieve arbitrary files

ht://dig htsearch.cgi allows a remote attacker to retrieve arbitrary files

htdig-htsearch-retrieve-files (7263)

Low Risk

Description:

The ht://dig program could allow a remote attacker to retrieve arbitrary files, caused by a vulnerability in the htsearch CGI. A remote attacker with write permissions can create a file with specific entries and point the server to the file to retrieve any file readable by the Web server. An attacker can use this vulnerability to obtain sensitive information.

Consequences:

Obtain Information

Remedy:

For Caldera OpenLinux Workstation and Server 3.1:
Upgrade to the latest version of htdig (3.1.5-8 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2001-035.0. See References.

For Conectiva Linux 5.0:
Upgrade to the latest version of htdig (3.1.5-2U50_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:429. See References.

For Conectiva Linux 5.1:
Upgrade to the latest version of htdig (3.1.5-2U51_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:429. See References.

For Conectiva Linux 6.0:
Upgrade to the latest version of htdig (3.1.5-5U60_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:429. See References.

For Conectiva Linux 7.0:
Upgrade to the latest version of htdig (3.1.5-10U70_1cl or later), as listed in Conectiva Linux Security Announcement CLA-2001:429. See References.

For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of htdig (3.1.5-2.0potato.1 or later), as listed in DSA-080-1. See References.

For Mandrake Linux 7.2:
Upgrade to the latest version of htdig (3.1.5-6.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:083 : htdig. See References.

For Mandrake Linux 8.0:
Upgrade to the latest version of htdig (3.1.5-9.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:083 : htdig. See References.

For Mandrake Linux 8.1:
Upgrade to the latest version of htdig (3.2.0-0.5mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:083 : htdig. See References.

For SuSE Linux 6.3, 6.4, 7.0, 7.1, 7.2, and 7.3 (i386 Intel):
Upgrade to the latest version of htdig (3.1.5-304 or later), as listed in SuSE Security Announcement SuSE-SA:2001:035. See References.

For SuSE Linux 7.0 and 7.1 (Sparc):
Upgrade to the latest version of htdig (3.1.5-212 or later), as listed in SuSE Security Announcement SuSE-SA:2001:035. See References.

For SuSE Linux 6.3, 6.4, 7.0, and 7.1 (AXP Alpha):
Upgrade to the latest version of htdig (3.1.5-177 or later), as listed in SuSE Security Announcement SuSE-SA:2001:035. See References.

For SuSE Linux 6.4 and 7.0 (PPC PowerPC):
Upgrade to the latest version of htdig (3.1.5-208 or later), as listed in SuSE Security Announcement SuSE-SA:2001:035. See References.

For SuSE Linux 7.1(PPC PowerPC):
Upgrade to the latest version of htdig (3.1.5-209 or later), as listed in SuSE Security Announcement SuSE-SA:2001:035. See References.

For Red Hat Linux 7.1:
Upgrade to the latest version of htdig (3.2.0-1.b4.0.71 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:139-11. See References.

For Red Hat Linux 7.2:
Upgrade to the latest version of htdig (3.2.0-2.011302 or later), as listed in Red Hat Linux Errata Advisory RHSA-2001:139-11. See References.

For HP Secure OS Software for Linux 1.0:
Apply the RHSA-2001-139 RPMs, as listed in Hewlett-Packard Company Security Bulletin HPSBTL0205-041. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Caldera International, Inc. Security Advisory CSSA-2001-035.0: Linux - Remote File View Problem in htdig.
Conectiva Linux Announcement CLSA-2001:429: ht://Dig DoS and remote exposure.
Hewlett-Packard Company Security Bulletin HPSBTL0205-041: Security vulnerability in htdig. (From SecurityFocus archive.)
SuSE Security Announcement SuSE-SA:2001:035: htdig.
BID-3410: ht://Dig Remote Denial of Service/File Disclosure Vulnerability
CVE-2001-0834: htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
DSA-080: htdig -- unauthorized gathering of data
MDKSA-2001:083: Updated htdig packages fix insecurities in htsearch
RHSA-2001-139: Updated htdig packages are available

Platforms Affected:

Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Conectiva Linux 7.0
Debian Debian Linux 2.2
HP Secure OS 1.0
ht://Dig Group ht://Dig
MandrakeSoft Mandrake Linux 7.2
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux 8.1
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
SCO Caldera OpenLinux Server 3.1
SCO Caldera OpenLinux Workstation 3.1
SUSE SuSE Linux 6.3
SUSE SuSE Linux 6.4
SUSE SuSE Linux 7.0
SUSE SuSE Linux 7.1
SUSE SuSE Linux 7.2
SUSE SuSE Linux 7.3

Reported:

Oct 09, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page