On Sun, 23 Sep 2001, Geoff Hutchison wrote:
+ There is a security vulnerability in all versions of htsearch between
+ 3.1.0b2 and 3.1.5, including all versions of the 3.2.0b1 through
+ 3.2.0b3. The hole can allow a remote user to pick a file on your system
+ for the config file that the UID running the webserver can read. In the
+ case of a user with local access as well, this could enable local file
+ disclosure.
Could I trouble you to show us just what the exploit looks like please?
I think my setup will be impervious to this exploit because I never
invoke htsearch directly, only via a wrapper that verifies the config file
name matches the alias by which the script has been invoked - I have one
wrapper script and an 'ln -s' for each permitted config file. The real
htsearch isn't in my cgi-bin directory, htsearch in my cgi-bin is a dummy
that just emails me the @ENV details of the caller.
That said, it would be nice to confirm my setup foils the exploit and
that I can rest easy until a 3.1.6 binary RPM is released.
regards,
Malcolm.
[EMAIL PROTECTED] http://users.ox.ac.uk/~malcolm/
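
The alias-checking wrapper described in the message above, sketched as an added example; it is not Malcolm's script or ht://Dig project code, and it makes no claim about whether such a wrapper stops the announced hole. Assumptions: GET requests only, the config is chosen by htsearch's `config` query parameter, one symlink to this script per permitted config, and a hypothetical `REAL_HTSEARCH` path outside cgi-bin.

```shell
#!/bin/sh
# Added example: CGI wrapper that only runs htsearch when the requested
# config equals the name (symlink alias) the wrapper was invoked under.
REAL_HTSEARCH="${REAL_HTSEARCH:-/opt/htdig/bin/htsearch}"   # hypothetical path

# request_allowed ALIAS QUERY_STRING
# Succeeds only if every "config" parameter is exactly "config=ALIAS" and at
# least one is present. Runs in a subshell so IFS/noglob changes do not leak.
request_allowed() (
    alias_name=$1
    query=$2
    seen=0
    # The alias must be a plain name: no slashes, dots or shell characters.
    case $alias_name in
        ''|*[!A-Za-z0-9_-]*) exit 1 ;;
    esac
    set -f            # no filename expansion while splitting the query
    IFS='&;'          # both separators are accepted by CGI parsers
    for pair in $query; do
        name=${pair%%=*}
        # Refuse percent-encoded parameter names rather than decode them,
        # so an encoded spelling of "config" cannot slip past the compare.
        case $name in
            *%*) exit 1 ;;
        esac
        if [ "$name" = config ]; then
            [ "$pair" = "config=$alias_name" ] || exit 1
            seen=1
        fi
    done
    [ "$seen" -eq 1 ]
)

# Only act when actually running under a web server.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    if [ "${REQUEST_METHOD:-}" = GET ] &&
       request_allowed "$(basename "$0")" "${QUERY_STRING:-}"; then
        exec "$REAL_HTSEARCH"   # the wrapper's own arguments are never forwarded
    fi
    printf 'Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n'
    printf 'config not permitted\n'
fi
```
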