Re: [CLA-2001:429] Conectiva Linux Security Announcement - htdig

[Geoff Hutchison <ghutchis () wso williams edu>]

At 7:19 PM -0200 10/10/01, secure () conectiva com br wrote:
> A malicious user could point to a file like /dev/zero and let
>  the server run in an endless loop, trying to read config
>  parameters from there.

Whoa there. I haven't looked at the RPMs you're distributing, but the 
htsearch CGI will timeout after a given interval (by default 5 
minutes) via the alarm() call. Yes, the /dev/zero URL could be used 
for a Denial of Service attack in this fashion. Yes, it's a bug and a 
reason to upgrade.

No, this is not an "endless" loop, unless you've removed that alarm() call.

To quote from my previous message:
At 3:46 PM -0500 10/7/01, Geoff Hutchison wrote:
> remote user can force the CGI to stall until it times out

Cheers,
--
--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/