Package : htdig
Vulnerability type: remote exploit
Debian-specific : no
The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem
with calling external programs to handle non-HTML documents: it calls
the external program with the document as a parameter, but does not check
for shell escapes. This can be exploited by creating files with filenames
that include shell escapes to run arbitrary commands on the machine that
runs htdig.
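The flaw described above, shown beside a shell-free alternative. This is an added example, not htdig's code or the Debian patch. The function names are hypothetical, "true" stands in for the external document parser, and the filename is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flawed pattern: the document name is pasted into a shell command line,
 * so shell metacharacters in the name are interpreted by /bin/sh. */
int run_parser_unsafe(const char *parser, const char *doc)
{
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, "%s %s", parser, doc);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                      /* command line would be truncated */
    int status = system(cmd);           /* runs: /bin/sh -c "<parser> <doc>" */
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened pattern: no shell is involved; the document name reaches the
 * parser as exactly one argv element, whatever characters it contains. */
int run_parser_safe(const char *parser, const char *doc)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)parser, (char *)doc, NULL };
        execvp(parser, argv);
        _exit(127);                     /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: the text after ';' is harmless and only changes
     * the exit status, which makes the shell's interpretation visible. */
    const char *doc = "report.pdf; exit 7";
    printf("unsafe exit status: %d\n", run_parser_unsafe("true", doc));
    printf("safe exit status:   %d\n", run_parser_safe("true", doc));
    return 0;
}
```

Removing the shell does not stop a name that begins with "-" from being read as an option by the external program; that needs separate handling.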
This has been fixed in version 3.1.2-4slink6. We recommend you upgrade your
htdig package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for the Intel ia32, the Motorola
680x0, the alpha and the Sun sparc architectures.
Source archives:
.
1.2-4slink6.diff.gz
MD5 checksum: 9151d7e15d7a2759958c09e6c21f28de
4slink6.dsc
MD5 checksum: fc05d22813afaa9fce10e97a5437ed69
.1.2.orig.tar.gz
...