[Home] [Credit Search] [Category Browser] [Staff Roll Call] The LINUX.COM Article Archive
Originally Published: Friday, 10 December 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Std View]

Debian Security Advisory : htdig

"The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for shell escapes. This can be exploited by creating files with filenames that include shell escapes to run arbitraty commands on the machine that runs htdig." Updates are available.



Originally published on Linux.com. Released under the Open Content License unless otherwise stated. Notify Gareth Watts of any errors or copyright violations.