SecurityTracker.com

SecurityTracker Archives

Category:   Application (Generic)  >   ht://Dig Vendors:   ht://Dig Group
(Red Hat Issues Fix) ht://Dig Input Validation Hole in 'sort' Parameter Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1019032
SecurityTracker URL:  http://securitytracker.com/id/1019032
CVE Reference:   CVE-2007-6110   (Links to External Site)
Date:  Dec 3 2007
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.2.0b6
Description:   A vulnerability was reported in ht://Dig. A remote user can conduct cross-site scripting attacks.

The software does not properly filter HTML code from user-supplied input in the 'sort' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the ht://Dig software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://[target]/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo

Michael Skibbe reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the ht://Dig software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
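The following is an added example for this advisory; it is not code from SecurityTracker, Red Hat or the ht://Dig project. It builds a request in the shape of the demonstration URL above but with a non-executing probe in the 'sort' parameter, classifies how an htsearch response reflects that probe (verbatim means the flaw is present, entity-encoded means it is fixed), shows the unencoded rendering beside the hardened one, and scans access-log lines for the injection pattern. The template line used to model the flaw, the probe string and all log lines are constructed assumptions, not taken from ht://Dig's sources or real traffic.

```python
"""Added example (not SecurityTracker, Red Hat or ht://Dig code): probe
construction, reflection classification, unescaped vs. escaped rendering,
and access-log detection for the htsearch 'sort' parameter XSS."""
import html
import re
import urllib.parse

HTSEARCH_PATH = "/cgi-bin/htsearch"

# Non-executing probe: carries the characters that must be entity-encoded
# (< > " =) but defines no script, so it is safe to send to a live host.
PROBE = '<xssprobe data-x="1">'


def build_probe_url(base: str, marker: str = PROBE) -> str:
    """Build the request from the advisory's exploit URL, with the probe
    URL-encoded in 'sort' and the other parameters as shown there."""
    params = {
        "config": "", "restrict": "", "exclude": "", "method": "and",
        "format": "builtin-long", "sort": marker, "words": "foo",
    }
    return base.rstrip("/") + HTSEARCH_PATH + "?" + urllib.parse.urlencode(params)


def classify_reflection(body: str, marker: str = PROBE) -> str:
    """'raw' if the probe's tag opener appears verbatim (unfixed behaviour),
    'escaped' if only its entity-encoded form appears (fixed behaviour),
    'none' if the value is not echoed at all."""
    tag_open = marker.split(None, 1)[0]          # '<xssprobe'
    if tag_open in body:
        return "raw"
    if html.escape(tag_open) in body:            # '&lt;xssprobe'
        return "escaped"
    return "none"


def render_sort_unescaped(sort_value: str) -> str:
    """Assumed shape of the flaw: the sort value is copied into the result
    page as-is, so '<script>' in the URL becomes '<script>' in the HTML."""
    return f'<input type="hidden" name="sort" value="{sort_value}">'


def render_sort_escaped(sort_value: str) -> str:
    """Hardened form: entity-encode before emitting into an attribute."""
    return f'<input type="hidden" name="sort" value="{html.escape(sort_value, quote=True)}">'


# Constructed Apache combined-log lines (not real traffic). The second one
# carries the URL-encoded form of the advisory's demonstration payload.
ACCESS_LOG = [
    '10.0.0.5 - - [03/Dec/2007:10:15:02 +0000] "GET /cgi-bin/htsearch?words=foo&sort=score HTTP/1.1" 200 5120',
    '10.0.0.9 - - [03/Dec/2007:10:16:41 +0000] "GET /cgi-bin/htsearch?config=&sort=%3Cscript%3Ealert(%22foo%22)%3C/script%3E&words=foo HTTP/1.1" 200 6010',
    '10.0.0.7 - - [03/Dec/2007:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 1200',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def find_sort_injections(lines):
    """Return (client_ip, decoded_sort_value) for htsearch requests whose
    'sort' parameter contains markup characters after URL-decoding.
    parse_qs decodes once; the extra unquote_plus catches double encoding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urllib.parse.urlsplit(m.group(1))
        if not parts.path.endswith("/htsearch"):
            continue
        qs = urllib.parse.parse_qs(parts.query, keep_blank_values=True)
        for value in qs.get("sort", []):
            decoded = urllib.parse.unquote_plus(value)
            if "<" in decoded or ">" in decoded:
                hits.append((line.split(" ", 1)[0], decoded))
    return hits


if __name__ == "__main__":
    print(build_probe_url("http://[target]"))
    for ip, payload in find_sort_injections(ACCESS_LOG):
        print(f"suspicious sort parameter from {ip}: {payload!r}")
```

The probe deliberately avoids a script element: the question a tester needs answered is whether the value comes back entity-encoded or verbatim, and the classification above settles that without running anything in a browser. The log scan keys on the decoded 'sort' value rather than on the literal string "script", so variants of the demonstration URL that use other tags are caught as well.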
Solution:   Red Hat has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2007-1095.html
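To confirm the fix is actually installed, an administrator needs to compare the installed htdig release against the releases listed in the Red Hat advisory below (3.2.0b6-4.el4_6 for Red Hat Enterprise Linux 4, 3.2.0b6-9.0.1.el5_1 for Red Hat Enterprise Linux 5). The following is an added example, not Red Hat's or ht://Dig's code: it re-implements rpm's version-segment comparison so that releases such as '9.0.1.el5_1' compare the way rpm compares them, and audits a query result of the form produced by `rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' htdig htdig-web`. The query output embedded here is constructed for the example; the pre-fix release '3.el4_5' is a made-up value, not a real Red Hat build.

```python
r"""Added example (not Red Hat or ht://Dig code): is the installed htdig at
or above the release Red Hat shipped for CVE-2007-6110? The input is the
constructed equivalent of:
  rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' htdig htdig-web
"""
import re

# Fixed package versions from the advisory, keyed by the dist tag that
# appears in the release field.
FIXED = {
    "el4": ("3.2.0b6", "4.el4_6"),
    "el5": ("3.2.0b6", "9.0.1.el5_1"),
}

# Constructed output: an unpatched RHEL 4 htdig beside a patched htdig-web.
# '3.el4_5' is an assumed pre-fix release, not a real Red Hat build.
RPM_Q_OUTPUT = """\
htdig (none) 3.2.0b6 3.el4_5
htdig-web (none) 3.2.0b6 4.el4_6
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm does (without
    the later tilde/caret rules): split into numeric and alphabetic
    segments, compare numerics numerically, alphas lexically, and treat a
    numeric segment as newer than an alphabetic one."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # All shared segments equal: a trailing alphabetic segment (e.g. 'b6'
    # after '3.2.0') marks the older version, a trailing numeric one the newer.
    if len(sa) > len(sb):
        return -1 if sa[len(sb)].isalpha() else 1
    return 1 if sb[len(sa)].isalpha() else -1


def evr_cmp(installed, fixed) -> int:
    """Compare (epoch, version, release) tuples; '(none)' epoch counts as 0."""
    for x, y in zip(installed, fixed):
        x = "0" if x in ("(none)", "") else x
        y = "0" if y in ("(none)", "") else y
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def audit(rpm_q_output: str) -> dict:
    """Map each queried package to 'fixed', 'vulnerable' or 'unknown-dist'
    (a release without an el4/el5 tag is not covered by this advisory)."""
    result = {}
    for line in rpm_q_output.splitlines():
        if not line.strip():
            continue
        name, epoch, version, release = line.split()
        m = re.search(r"\.(el\d+)", release)
        if not m or m.group(1) not in FIXED:
            result[name] = "unknown-dist"
            continue
        fixed_v, fixed_r = FIXED[m.group(1)]
        status = evr_cmp((epoch, version, release), ("0", fixed_v, fixed_r))
        result[name] = "fixed" if status >= 0 else "vulnerable"
    return result


if __name__ == "__main__":
    for pkg, status in audit(RPM_Q_OUTPUT).items():
        print(f"{pkg}: {status}")
```

Segment-wise comparison matters here because a plain string comparison would rank '9.el5' above '9.0.1.el5_1' and '3.2.0b6' above '3.2.0', both the opposite of what rpm decides. Before installing downloaded RPMs, `rpm -K` on each file checks the Red Hat GPG signature that section 6 of the advisory refers to; the checksums listed there cover the same files.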

Vendor URL:  www.htdig.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  4, 5

Message History:   This archive entry is a follow-up to the message listed below.
Nov 29 2007 ht://Dig Input Validation Hole in 'sort' Parameter Permits Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [RHSA-2007:1095-01] Moderate: htdig security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: htdig security update
Advisory ID:       RHSA-2007:1095-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1095.html
Issue date:        2007-12-03
Updated on:        2007-12-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-6110 
- ---------------------------------------------------------------------

1. Summary:

Updated htdig packages that resolve a security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.

A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an 
unsuspecting user, could cause a user's Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)

Users of htdig are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

399561 - CVE-2007-6110 htdig htsearch XSS vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm
da98d8dfeea252f3970e81a7e120ac5c  htdig-3.2.0b6-4.el4_6.src.rpm

i386:
72213d098b97f44c998fb6e23fb9e457  htdig-3.2.0b6-4.el4_6.i386.rpm
21f08bd8417523a71393ab0ebf59c732  htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm
474e7f333c8d034c8694707695141645  htdig-web-3.2.0b6-4.el4_6.i386.rpm

ia64:
b04ec2235312dc8b3558c75d2afa92dc  htdig-3.2.0b6-4.el4_6.ia64.rpm
e1a11c942291ab8b0e5b0715214767e6  htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm
17ce8f1c662a0afc393146f46aee53d9  htdig-web-3.2.0b6-4.el4_6.ia64.rpm

ppc:
869cb51f3cdb285524d670c709e2a09f  htdig-3.2.0b6-4.el4_6.ppc.rpm
34ea57699ea0d740a7eb3fa83e71aa7d  htdig-debuginfo-3.2.0b6-4.el4_6.ppc.rpm
455c3345b5fb1f485e7330e7e20463a3  htdig-web-3.2.0b6-4.el4_6.ppc.rpm

s390:
1985d5c661d5cd431fd0a8a7fcf31989  htdig-3.2.0b6-4.el4_6.s390.rpm
19bd3238c6675402edcf2eac2faa861f  htdig-debuginfo-3.2.0b6-4.el4_6.s390.rpm
7bdc5aa5361bd1bc423ffff3477024f8  htdig-web-3.2.0b6-4.el4_6.s390.rpm

s390x:
5e2b7d6dbe5e48e76c7e9435b24a10c4  htdig-3.2.0b6-4.el4_6.s390x.rpm
01d8a507bc811d306c1bd0f63ff416e6  htdig-debuginfo-3.2.0b6-4.el4_6.s390x.rpm
0e783d736547810277c5bb9854fd69ac  htdig-web-3.2.0b6-4.el4_6.s390x.rpm

x86_64:
8ac0056031b94ab4a7e70fff903ae276  htdig-3.2.0b6-4.el4_6.x86_64.rpm
8e6606d37e29b5f664a8a34427bc9a31  htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm
01fd44996ad52b0c4f007bf8d5e98220  htdig-web-3.2.0b6-4.el4_6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm
da98d8dfeea252f3970e81a7e120ac5c  htdig-3.2.0b6-4.el4_6.src.rpm

i386:
72213d098b97f44c998fb6e23fb9e457  htdig-3.2.0b6-4.el4_6.i386.rpm
21f08bd8417523a71393ab0ebf59c732  htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm
474e7f333c8d034c8694707695141645  htdig-web-3.2.0b6-4.el4_6.i386.rpm

x86_64:
8ac0056031b94ab4a7e70fff903ae276  htdig-3.2.0b6-4.el4_6.x86_64.rpm
8e6606d37e29b5f664a8a34427bc9a31  htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm
01fd44996ad52b0c4f007bf8d5e98220  htdig-web-3.2.0b6-4.el4_6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm
da98d8dfeea252f3970e81a7e120ac5c  htdig-3.2.0b6-4.el4_6.src.rpm

i386:
72213d098b97f44c998fb6e23fb9e457  htdig-3.2.0b6-4.el4_6.i386.rpm
21f08bd8417523a71393ab0ebf59c732  htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm
474e7f333c8d034c8694707695141645  htdig-web-3.2.0b6-4.el4_6.i386.rpm

ia64:
b04ec2235312dc8b3558c75d2afa92dc  htdig-3.2.0b6-4.el4_6.ia64.rpm
e1a11c942291ab8b0e5b0715214767e6  htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm
17ce8f1c662a0afc393146f46aee53d9  htdig-web-3.2.0b6-4.el4_6.ia64.rpm

x86_64:
8ac0056031b94ab4a7e70fff903ae276  htdig-3.2.0b6-4.el4_6.x86_64.rpm
8e6606d37e29b5f664a8a34427bc9a31  htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm
01fd44996ad52b0c4f007bf8d5e98220  htdig-web-3.2.0b6-4.el4_6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm
da98d8dfeea252f3970e81a7e120ac5c  htdig-3.2.0b6-4.el4_6.src.rpm

i386:
72213d098b97f44c998fb6e23fb9e457  htdig-3.2.0b6-4.el4_6.i386.rpm
21f08bd8417523a71393ab0ebf59c732  htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm
474e7f333c8d034c8694707695141645  htdig-web-3.2.0b6-4.el4_6.i386.rpm

ia64:
b04ec2235312dc8b3558c75d2afa92dc  htdig-3.2.0b6-4.el4_6.ia64.rpm
e1a11c942291ab8b0e5b0715214767e6  htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm
17ce8f1c662a0afc393146f46aee53d9  htdig-web-3.2.0b6-4.el4_6.ia64.rpm

x86_64:
8ac0056031b94ab4a7e70fff903ae276  htdig-3.2.0b6-4.el4_6.x86_64.rpm
8e6606d37e29b5f664a8a34427bc9a31  htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm
01fd44996ad52b0c4f007bf8d5e98220  htdig-web-3.2.0b6-4.el4_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm
6fb7a2b9503cb113ee8e487ab2b8807f  htdig-3.2.0b6-9.0.1.el5_1.src.rpm

i386:
ac3f6f528f6cfb5f64201d3e49d8bbb4  htdig-3.2.0b6-9.0.1.el5_1.i386.rpm
b47148da0ff0d487c130cb87d3560acf  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm

x86_64:
8eddaa8a12f404ce14ea4588ee4e4b3b  htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm
b3c8d3baf149903e0e8038bfb1c54f48  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm
6fb7a2b9503cb113ee8e487ab2b8807f  htdig-3.2.0b6-9.0.1.el5_1.src.rpm

i386:
b47148da0ff0d487c130cb87d3560acf  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm
aefa60c107dfcc2d0c8d0b33c630ca20  htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm

x86_64:
b3c8d3baf149903e0e8038bfb1c54f48  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm
96781f707fa53abab3c5d21a42dac088  htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm
6fb7a2b9503cb113ee8e487ab2b8807f  htdig-3.2.0b6-9.0.1.el5_1.src.rpm

i386:
ac3f6f528f6cfb5f64201d3e49d8bbb4  htdig-3.2.0b6-9.0.1.el5_1.i386.rpm
b47148da0ff0d487c130cb87d3560acf  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm
aefa60c107dfcc2d0c8d0b33c630ca20  htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm

ia64:
f57e46687f0d15873845de89150adf91  htdig-3.2.0b6-9.0.1.el5_1.ia64.rpm
b676295a0285e014d42f4c6b59efb447  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.ia64.rpm
a9b7aca74782dbe539fb10f8e693f878  htdig-web-3.2.0b6-9.0.1.el5_1.ia64.rpm

ppc:
4f680df4472a686244522cdba9db032e  htdig-3.2.0b6-9.0.1.el5_1.ppc.rpm
dec195e497ece003c8415010c0691e60  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.ppc.rpm
1b7d0c503366d10bf6ab5a8f36a7fbab  htdig-web-3.2.0b6-9.0.1.el5_1.ppc.rpm

s390x:
4a2b460e0e83827631644c92d6b2f9cc  htdig-3.2.0b6-9.0.1.el5_1.s390x.rpm
f6ea7f4f0c1a545fbeb3541626adb3e0  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.s390x.rpm
0295ecf635676b1970e9df3cd1991b0a  htdig-web-3.2.0b6-9.0.1.el5_1.s390x.rpm

x86_64:
8eddaa8a12f404ce14ea4588ee4e4b3b  htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm
b3c8d3baf149903e0e8038bfb1c54f48  htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm
96781f707fa53abab3c5d21a42dac088  htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6110
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHVCVWXlSAg2UNWIIRAmz1AJwNEXI2eSRiueGcZ/HNSdt3d19GbgCfWHcH
rFV5X0Nz1LWI7+/2j/GTpLI=
=SeDT
-----END PGP SIGNATURE-----



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
