Debian Security Advisory
htdig -- remote users can read files with webserver uid
- Date Reported:
- 26 Feb 2000
- Affected Packages:
- htdig
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0208.
- More information:
- The version of htdig that was distributed in Debian
GNU/Linux 2.1 (aka slink) is vulnerable to a remote attack. There was a
vulnerability in the htsearch script that allowed remote users to read any file
on the webserver that is readable by the uid under which the server is running.
This has been fixed in version 3.1.5-0.1. We recommend you upgrade your htdig
package immediately.
- Fixed in:
- Source:
- http://security.debian.org/dists/slink/updates/source/htdig_3.1.5-0.1.diff.gz
- http://security.debian.org/dists/slink/updates/source/htdig_3.1.5-0.1.dsc
- http://security.debian.org/dists/slink/updates/source/htdig_3.1.5.orig.tar.gz
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/htdig_3.1.5-0.1_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/htdig_3.1.5-0.1_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/htdig_3.1.5-0.1_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/htdig_3.1.5-0.1_sparc.deb