• info
• discussion
• exploit
• solution
• references

ht://Dig Remote Denial of Service/File Disclosure Vulnerability

Solution:
It is recommended by Hewlett-Packard Company that customers download the RPMs listed in the following Red Hat Security Advisory:

2002-03-12 RHSA-2001:139 Updated htdig packages are available

http://rhn.redhat.com/errata/RHSA-2001-139.html

Upgrades available.


The ht://Dig Group ht://Dig 3.1.5 -7

• Caldera 3.1 Server htdig-3.1.5-8.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

The ht://Dig Group ht://Dig 3.1.5

• Conectiva 5.0 htdig-3.1.5-2U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/htdig-3.1.5-2U50_1cl.i386 .rpm


• Conectiva 5.1 htdig-3.1.5-2U51_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/htdig-3.1.5-2U51_1cl.i386 .rpm


• Conectiva 6.0 htdig-3.1.5-5U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/htdig-3.1.5-5U60_1cl.i386 .rpm


• Conectiva 7.0 htdig-3.1.5-10U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/htdig-3.1.5-10U70_1cl.i38 6.rpm


• Debian 2.2 all htdig-doc_3.1.5-2.0potato.1_all.deb
  http://security.debian.org/dists/stable/updates/main/binary-all/htdig- doc_3.1.5-2.0potato.1_all.deb


• Debian 2.2 alpha htdig_3.1.5-2.0potato.1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/


• Debian 2.2 arm htdig_3.1.5-2.0potato.1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/htdig_ 3.1.5-2.0potato.1_arm.deb


• Debian 2.2 i386 htdig_3.1.5-2.0potato.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/htdig _3.1.5-2.0potato.1_i386.deb


• Debian 2.2 m68k htdig_3.1.5-2.0potato.1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/htdig _3.1.5-2.0potato.1_m68k.deb


• Debian 2.2 ppc htdig_3.1.5-2.0potato.1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ht dig_3.1.5-2.0potato.1_powerpc.deb


• Debian 2.2 sparc htdig_3.1.5-2.0potato.1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/


• ht://Dig Group ht://Dig 3.16
  http://www.htdig.org/files/snapshots/


• MandrakeSoft 7.2 htdig-3.1.5-6.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• MandrakeSoft 8.0 htdig-3.1.5-9.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• MandrakeSoft 8.0 ppc htdig-3.1.5-9.1mdk.ppc.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• SuSE 6.3 alpha htdig-3.1.5-177.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.3/n2/htdig-3.1.5-177.alpha.rp m


• SuSE 6.3 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.3/n2/htdig-3.1.5-304.i386.rp m


• SuSE 6.4 alpha htdig-3.1.5-177.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/htdig-3.1.5-177.alpha.rp m


• SuSE 6.4 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/htdig-3.1.5-304.i386.rp m


• SuSE 6.4 ppc htdig-3.1.5-208.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/htdig-3.1.5-208.ppc.rpm


• SuSE 7.0 alpha htdig-3.1.5-177.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/htdig-3.1.5-177.alpha.rp m


• SuSE 7.0 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/htdig-3.1.5-304.i386.rp m


• SuSE 7.0 ppc htdig-3.1.5-208.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/htdig-3.1.5-208.ppc.rpm


• SuSE 7.0 sparc htdig-3.1.5-212.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/htdig-3.1.5-212.sparc. rpm


• SuSE 7.1 alpha htdig-3.1.5-177.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/htdig-3.1.5-177.alpha.rp m


• SuSE 7.1 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/htdig-3.1.5-304.i386.rp m


• SuSE 7.1 ppc htdig-3.1.5-209.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/htdig-3.1.5-209.ppc.rpm


• SuSE 7.1 sparc htdig-3.1.5-212.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/htdig-3.1.5-212.sparc. rpm


• SuSE 7.2 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/htdig-3.1.5-304.i386.rp m


• SuSE 7.3 i386 htdig-3.1.5-304.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/htdig-3.1.5-304.i386.rp m

The ht://Dig Group ht://Dig 3.2 0b3

• ht://Dig Group ht://Dig 3.2.0b4
  http://www.htdig.org/files/snapshots/


• RedHat htdig-3.2.0-1.b4.0.71.alpha.rpm
  Red Hat 7.1 Alpha.
  ftp://updates.redhat.com/7.1/en/os/alpha/htdig-3.2.0-1.b4.0.71.alpha.r pm


• RedHat htdig-3.2.0-1.b4.0.71.i386.rpm
  Red Hat 7.1 i386.
  ftp://updates.redhat.com/7.1/en/os/i386/htdig-3.2.0-1.b4.0.71.i386.rpm


• RedHat htdig-3.2.0-1.b4.0.71.ia64.rpm
  Red Hat 7.1 ia64.
  ftp://updates.redhat.com/7.1/en/os/ia64/htdig-3.2.0-1.b4.0.71.ia64.rpm


• RedHat htdig-3.2.0-1.b4.0.71.src.rpm
  ftp://updates.redhat.com/7.1/en/os/SRPMS/htdig-3.2.0-1.b4.0.71.src.rpm


• RedHat htdig-3.2.0-2.011302.i386.rpm
  Red Hat 7.2 i386.
  ftp://updates.redhat.com/redhat/linux/7.3/en/os/i386/RedHat/RPMS/htdig -3.2.0-2.011302.i386.rpm


• RedHat htdig-3.2.0-2.011302.ia64.rpm
  Red Hat 7.2 ia64.
  ftp://updates.redhat.com/7.2/en/os/ia64/htdig-3.2.0-2.011302.ia64.rpm


• RedHat htdig-3.2.0-2.011302.s390.rpm
  Red Hat 7.2 s390.
  ftp://updates.redhat.com/7.2/en/os/s390/htdig-3.2.0-2.011302.s390.rpm


• RedHat htdig-3.2.0-2.011302.src.rpm
  ftp://updates.redhat.com/redhat/linux/7.3/en/os/i386/SRPMS/htdig-3.2.0 -2.011302.src.rpm


• RedHat htdig-web-3.2.0-1.b4.0.71.alpha.rpm
  Red Hat 7.1 Alpha.
  ftp://updates.redhat.com/7.1/en/os/alpha/htdig-web-3.2.0-1.b4.0.71.alp ha.rpm


• RedHat htdig-web-3.2.0-1.b4.0.71.i386.rpm
  Red Hat 7.1 i386.
  ftp://updates.redhat.com/7.1/en/os/i386/htdig-web-3.2.0-1.b4.0.71.i386 .rpm


• RedHat htdig-web-3.2.0-1.b4.0.71.ia64.rpm
  Red Hat 7.1 ia64.
  ftp://updates.redhat.com/7.1/en/os/ia64/htdig-web-3.2.0-1.b4.0.71.ia64 .rpm


• RedHat htdig-web-3.2.0-2.011302.i386.rpm
  Red Hat 7.2 i386.
  ftp://updates.redhat.com/redhat/linux/7.3/en/os/i386/RedHat/RPMS/htdig -web-3.2.0-2.011302.i386.rpm


• RedHat htdig-web-3.2.0-2.011302.ia64.rpm
  Red Hat 7.2 ia64.
  ftp://updates.redhat.com/7.2/en/os/ia64/htdig-web-3.2.0-2.011302.ia64. rpm


• RedHat htdig-web-3.2.0-2.011302.s390.rpm
  Red Hat 7.2 s390.
  ftp://updates.redhat.com/7.2/en/os/s390/htdig-web-3.2.0-2.011302.s390. rpm

The ht://Dig Group ht://Dig 3.2 .0

• MandrakeSoft 8.1 htdig-3.2.0-0.5mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• MandrakeSoft 8.1 htdig-devel-3.2.0-0.5mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• MandrakeSoft 8.1 htdig-web-3.2.0-0.5mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3

The ht://Dig Group ht://Dig 3.2 0b2

• ht://Dig Group ht://Dig 3.2.0b4
  http://www.htdig.org/files/snapshots/