Is there anyone that understands diatheke that can verify and diagnose this asap?
Daniel

P.S. Since it is a security bug, why was it made public before there was a chance to fix it?

---------- Forwarded message ----------
From: Dan Dennison <[EMAIL PROTECTED]>
Date: 18 Feb 2008 20:35
Subject: Bug#466449: diatheke: Diatheke allows arbitrary command execution using the range parameter
To: Debian Bug Tracking System <[EMAIL PROTECTED]>

Package: diatheke
Severity: critical
Tags: security
Justification: root security hole

The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data, by simply abusing the range parameter. For example, &range=`yes` will consume tons of resources on the affected webserver. Escalation of privileges and command shells are left as an exercise to the reader.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh

Versions of packages diatheke depends on:
ii  libc6          2.7-8                  GNU C Library: Shared libraries
ii  libcomerr2     1.40.6-1               common error description library
ii  libgcc1        1:4.3-20080202-1       GCC support library
ii  libkrb53       1.6.dfsg.3~beta1-2     MIT Kerberos runtime libraries
ii  libldap-2.4-2  2.4.7-5                OpenLDAP libraries
ii  libstdc++6     4.3-20080202-1         The GNU Standard C++ Library v3
ii  libsword6      1.5.9-7.1              API/library for bible software
ii  zlib1g         1:1.2.3.3.dfsg-11      compression library - runtime

Versions of packages diatheke recommends:
ii  apache2                      2.2.8-1  Next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]  2.2.8-1  Traditional model for Apache HTTPD

--
A: No.
Q: Should I include quotations after my reply?

A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?

_______________________________________________
sword-devel mailing list: [email protected]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
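The bug above is the classic CGI shape: a query parameter is spliced into a command line that a shell parses, so backticks in `range` become a second command. The following is an added example, not diatheke's code and not from the bug report: it contrasts the string-concatenation pattern with a whitelist validator plus an argv-style invocation that never hands the value to a shell, and includes a small helper for triaging web-server log lines for the same parameter. The `-b`/`-k` command-line flags, the accepted reference grammar (letters, digits, space, `: - . , ;`, at most 64 characters), the 64-character limit and the sample request lines are assumptions made for this example.

```cpp
// Added example (not diatheke's code): whitelist validation for a CGI "range"
// parameter, beside the shell-concatenation pattern that makes backtick
// injection possible. Grammar, limits and flags are assumptions, not diatheke's.
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

// Vulnerable pattern (only built here, never executed): the raw parameter is
// spliced into a shell command line, so `...` or $(...) runs as the web user.
std::string unsafe_command_line(const std::string& range) {
    return "diatheke -b KJV -k " + range;  // would be handed to system()/popen()
}

// Percent-decode a query value so the check sees what the CGI would see
// ("%60yes%60" -> "`yes`"). Malformed escapes are kept literally.
std::string url_decode(const std::string& s) {
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] == '+') { out += ' '; continue; }
        if (s[i] == '%' && i + 2 < s.size() &&
            std::isxdigit(static_cast<unsigned char>(s[i + 1])) &&
            std::isxdigit(static_cast<unsigned char>(s[i + 2]))) {
            out += static_cast<char>(std::stoi(s.substr(i + 1, 2), nullptr, 16));
            i += 2;
            continue;
        }
        out += s[i];
    }
    return out;
}

// Whitelist (assumed grammar): a reference range such as "John 3:16-18" or
// "Gen 1:1;Ex 2:3" needs only letters, digits, space and a few punctuation
// marks. Everything else, including ` $ ( ) | ; & and newlines, is rejected.
bool valid_range(const std::string& range) {
    if (range.empty() || range.size() > 64) return false;
    for (unsigned char c : range) {
        if (std::isalnum(c)) continue;
        switch (c) {
            case ' ': case ':': case '-': case '.': case ',': continue;
            default: return false;
        }
    }
    return true;
}

// Hardened invocation shape: an argv vector for execvp()/posix_spawn(). No
// shell ever parses the value, so metacharacters are just bytes in one argument.
std::vector<std::string> safe_argv(const std::string& range) {
    return {"diatheke", "-b", "KJV", "-k", range};
}

// Log-triage helper: pull the range= value out of a request line (constructed
// Apache-style format assumed) and report whether the whitelist would reject it.
bool request_range_rejected(const std::string& request_line) {
    const std::string key = "range=";
    size_t pos = request_line.find(key);
    if (pos == std::string::npos) return false;
    size_t start = pos + key.size();
    size_t end = request_line.find_first_of("& ", start);
    std::string raw = (end == std::string::npos)
        ? request_line.substr(start)
        : request_line.substr(start, end - start);
    return !valid_range(url_decode(raw));
}

int main() {
    // Constructed request lines, not taken from any real log.
    const char* lines[] = {
        "GET /cgi-bin/diatheke?verse=John&range=John+3%3A16-18 HTTP/1.1",
        "GET /cgi-bin/diatheke?verse=John&range=%60yes%60 HTTP/1.1",
    };
    for (const char* l : lines)
        std::printf("%s -> %s\n", l, request_range_rejected(l) ? "REJECT" : "ok");
    std::printf("unsafe: %s\n", unsafe_command_line("`yes`").c_str());
    return 0;
}
```

The point of `safe_argv` is structural rather than a filter: even if the whitelist were loosened later, an argv-based exec keeps the parameter as a single argument, whereas `unsafe_command_line` shows exactly how the backtick in the report becomes a separate command.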
