• info
• discussion
• exploit
• solution
• references

Dig Config Parameter Cross-Site Scripting Vulnerability

Solution:
SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Please see the referenced advisories for more information on obtaining and applying appropriate updates.


ht://Dig Group ht://Dig 3.1.6

• Debian htdig-doc_3.1.6-3woody1_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig-doc_3.1.6-3 woody1_all.deb


• Debian htdig_3.1.6-3woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_alpha.deb


• Debian htdig_3.1.6-3woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_arm.deb


• Debian htdig_3.1.6-3woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_hppa.deb


• Debian htdig_3.1.6-3woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_i386.deb


• Debian htdig_3.1.6-3woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_ia64.deb


• Debian htdig_3.1.6-3woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_m68k.deb


• Debian htdig_3.1.6-3woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_mips.deb


• Debian htdig_3.1.6-3woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_mipsel.deb


• Debian htdig_3.1.6-3woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_powerpc.deb


• Debian htdig_3.1.6-3woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_s390.deb


• Debian htdig_3.1.6-3woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3wood y1_sparc.deb


• SuSE htdig-3.1.6-402.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/htdig-3.1.6-402.4 .i586.rpm


• SuSE htdig-3.1.6-402.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/htdig-3.1.6-4 02.4.x86_64.rpm


• SuSE htdig-3.1.6-407.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/htdig-3.1.6-407.i 586.rpm


• SuSE htdig-3.1.6-407.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/htdig-3.1.6-407.i 586.rpm


• SuSE htdig-3.1.6-407.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/htdig-3.1.6-407.i 586.rpm


• SuSE htdig-3.1.6-407.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/htdig-3.1.6-4 07.x86_64.rpm

ht://Dig Group ht://Dig 3.2 .0

• Fedora Legacy htdig-3.2.0-16.20021103.3.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/htdig-3.2.0-16. 20021103.3.legacy.i386.rpm


• Fedora Legacy htdig-3.2.0-19.20030601.2.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/fedora/1/updates/i386/htdig-3.2.0-19. 20030601.2.legacy.i386.rpm


• Fedora Legacy htdig-3.2.0-2.011302.3.legacy.i386.rpm
  Red Hat Linux 7.3:
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/htdig-3.2.0-2 .011302.3.legacy.i386.rpm


• Fedora Legacy htdig-3.2.0b5-7.2.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/htdig-3.2.0b5-7 .2.legacy.i386.rpm


• Fedora Legacy htdig-web-3.2.0-16.20021103.3.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/htdig-web-3.2.0 -16.20021103.3.legacy.i386.rpm


• Fedora Legacy htdig-web-3.2.0-19.20030601.2.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/fedora/1/updates/i386/htdig-web-3.2.0 -19.20030601.2.legacy.i386.rpm


• Fedora Legacy htdig-web-3.2.0-2.011302.3.legacy.i386.rpm
  Red Hat Linux 7.3:
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/htdig-web-3.2 .0-2.011302.3.legacy.i386.rpm


• Fedora Legacy htdig-web-3.2.0b5-7.2.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/htdig-web-3.2.0 b5-7.2.legacy.i386.rpm


• Mandrake htdig-3.2.0-0.7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-3.2.0-0.8.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-devel-3.2.0-0.8.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake htdig-web-3.2.0-0.8.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php

ht://Dig Group ht://Dig 3.2 0b6

• Fedora htdig-3.2.0b6-3.FC3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora htdig-3.2.0b6-3.FC3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora htdig-debuginfo-3.2.0b6-3.FC3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora htdig-debuginfo-3.2.0b6-3.FC3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora htdig-web-3.2.0b6-3.FC3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora htdig-web-3.2.0b6-3.FC3.1.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• SuSE htdig-3.2.0b6-3.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/htdig-3.2.0b6-3.2 .i586.rpm


• SuSE htdig-3.2.0b6-3.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/htdig-3.2.0b6 -3.2.x86_64.rpm

SCO Open Server 5.0.7

• SCO VOL.000.000 for SCOSA-2005.46
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/507

SCO Open Server 6.0

• SCO VOL.000.000 for SCOSA-2005.46
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/600

SCO Unixware 7.1.3

• SCO erg712807.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.45/713

SCO Unixware 7.1.3 up

• SCO erg712807.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.45/713

SCO Unixware 7.1.4

• SCO erg712807.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.45/714