Re: [CLA-2001:429] Conectiva Linux Security Announcement - htdig

From: Geoff Hutchison (ghutchisat_private)
Date: Wed Oct 10 2001 - 20:00:21 PDT


    At 7:19 PM -0200 10/10/01, secureat_private wrote:
    >A malicious user could point to a file like /dev/zero and let
    >  the server run in an endless loop, trying to read config
    >  parameters from there.
    
    Whoa there. I haven't looked at the RPMs you're distributing, but the 
    htsearch CGI will time out after a given interval (by default 5 
    minutes) via the alarm() call. Yes, the /dev/zero URL could be used 
    for a Denial of Service attack in this fashion. Yes, it's a bug and a 
    reason to upgrade.
    
    No, this is not an "endless" loop, unless you've removed that alarm() call.
    
    To quote from my previous message:
    At 3:46 PM -0500 10/7/01, Geoff Hutchison wrote:
    >remote user can force the CGI to stall until it times out
    
    Cheers,
    -- 
    --
    -Geoff Hutchison
    Williams Students Online
    http://wso.williams.edu/
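
The distinction drawn in this message, as an added example that is not part of the original post and is not htdig code: an alarm() deadline turns a read from /dev/zero into a bounded stall rather than an endless loop, while rejecting non-regular files avoids the stall altogether. The function name read_config, the 1-second timeout and the S_ISREG check are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define CFG_TIMEOUT_SECS 1 /* assumed; the message cites a 5-minute default */

static volatile sig_atomic_t timed_out;
static void on_alarm(int sig) { (void)sig; timed_out = 1; }

/* Hypothetical loader. Returns bytes read, -1 if the path cannot be opened
 * or is rejected as a non-regular file, -2 if the alarm() deadline fired. */
long read_config(const char *path, int regular_only)
{
    struct sigaction sa;
    struct stat st;
    char buf[4096];
    long total = 0;
    ssize_t n = 0;
    int fd;

    sa.sa_handler = on_alarm;
    sa.sa_flags = 0;               /* no SA_RESTART: blocked calls return EINTR */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    timed_out = 0;
    alarm(CFG_TIMEOUT_SECS);       /* backstop: bounds the stall, does not prevent it */

    fd = open(path, O_RDONLY);
    if (fd >= 0 && regular_only && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);                 /* /dev/zero is a character device: refuse it */
        fd = -1;
    }
    while (fd >= 0 && !timed_out && (n = read(fd, buf, sizeof buf)) > 0)
        total += n;                /* a real parser would consume buf here */
    alarm(0);
    if (fd < 0)
        return -1;
    close(fd);
    return timed_out ? -2 : total;
}

int main(void)
{
    printf("alarm() only: %ld\n", read_config("/dev/zero", 0));
    printf("with S_ISREG: %ld\n", read_config("/dev/zero", 1));
    return 0;
}
```

With only the alarm() backstop, each such request still occupies a worker for the full timeout, which is the Denial of Service the message acknowledges.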
    


