Bugtraq mailing list archives
Re: [CLA-2001:429] Conectiva Linux Security Announcement - htdig
From: Geoff Hutchison <ghutchis () wso williams edu>
Date: Wed, 10 Oct 2001 22:00:21 -0500
At 7:19 PM -0200 10/10/01, secure () conectiva com br wrote:
> A malicious user could point to a file like /dev/zero and let the server run in an endless loop, trying to read config parameters from there.
Whoa there. I haven't looked at the RPMs you're distributing, but the htsearch CGI will time out after a given interval (by default 5 minutes) via the alarm() call. Yes, the /dev/zero URL could be used for a Denial of Service attack in this fashion. Yes, it's a bug and a reason to upgrade.
No, this is not an "endless" loop, unless you've removed that alarm() call. To quote from my previous message:

At 3:46 PM -0500 10/7/01, Geoff Hutchison wrote:
> remote user can force the CGI to stall until it times out

Cheers,
--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/
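
The bounded stall discussed in this message, as an added example that is not part of the original post and is not htdig code: a config reader that refuses non-regular files such as /dev/zero before reading, with alarm() kept only as a backstop. The function name `read_config_bounded` and the 64 KiB cap are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_CONFIG_BYTES (64 * 1024) /* assumed cap, not an htdig value */
#define CGI_TIMEOUT_SECS 300         /* the 5-minute default mentioned above */

/* Reads a config file into buf. Returns the number of bytes read, or -1 if
 * the path is not a regular file, exceeds the cap, or cannot be read. */
ssize_t read_config_bounded(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n;
    size_t total = 0, cap = buflen < MAX_CONFIG_BYTES ? buflen : MAX_CONFIG_BYTES;
    /* O_NONBLOCK keeps open() from hanging on a FIFO before fstat() runs. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_size > MAX_CONFIG_BYTES) {
        close(fd);
        return -1; /* /dev/zero is a character device: rejected here */
    }
    /* The loop is capped too, in case the file grows while it is read. */
    while (total < cap) {
        n = read(fd, buf + total, cap - total);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

int main(int argc, char **argv)
{
    static char buf[MAX_CONFIG_BYTES];
    alarm(CGI_TIMEOUT_SECS); /* backstop: default SIGALRM action ends the process */
    ssize_t n = read_config_bounded(argc > 1 ? argv[1] : "/dev/zero",
                                    buf, sizeof buf);
    printf("%s\n", n < 0 ? "rejected" : "accepted");
    return n < 0;
}
```

With the file-type check in place the request fails immediately instead of holding a CGI process until the timer fires.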