Package: diatheke
Severity: critical
Tags: security
Justification: root security hole
The Diatheke CGI allows arbitrary command execution in the context of the webserver, e.g. www-data, by simply abusing the range parameter. For example, &range=`yes` will consume tons of resources on the affected webserver. Escalation of privileges and command shells are left as an exercise to the reader.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh

Versions of packages diatheke depends on:
ii  libc6                  2.7-8                  GNU C Library: Shared libraries
ii  libcomerr2             1.40.6-1               common error description library
ii  libgcc1                1:4.3-20080202-1       GCC support library
ii  libkrb53               1.6.dfsg.3~beta1-2     MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.7-5                OpenLDAP libraries
ii  libstdc++6             4.3-20080202-1         The GNU Standard C++ Library v3
ii  libsword6              1.5.9-7.1              API/library for bible software
ii  zlib1g                 1:1.2.3.3.dfsg-11      compression library - runtime

Versions of packages diatheke recommends:
ii  apache2                2.2.8-1                Next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd] 2.2.8-1           Traditional model for Apache HTTPD
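The report above describes the classic CGI shell-injection pattern: a query parameter is spliced into a command line that a shell evaluates, so backticks in the value become a command. The following Python is an added illustration of the defensive pattern, not code from the bug report, from diatheke or from the SWORD project: the parameter is checked against an allowlist grammar, and the external program is started from an argv list so no shell ever sees the value. The range grammar, the helper path and the argument layout are assumptions for the demonstration.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Hypothetical verse-range grammar (an assumption; the real diatheke syntax
# is not given in the report): book names, chapter:verse numbers, '-' ranges
# and ',' / ';' lists. Backticks, '$', '|', '&', '<', '>' and quotes never match.
RANGE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 .:,;\-]{0,127}$")

# Placeholder for the external program the CGI would start; hypothetical path.
HELPER_ARGV = ["/path/to/helper"]


def validate_range(value: str) -> str:
    """Allowlist check: anything outside the grammar is refused outright,
    regardless of how the value is used later."""
    if not RANGE_RE.fullmatch(value):
        raise ValueError(f"range parameter rejected: {value!r}")
    return value


def handle_query(query_string: str) -> dict:
    """Parse a CGI QUERY_STRING and return either the argv the helper would be
    started with, or an error. No shell command line is ever built."""
    params = parse_qs(query_string, keep_blank_values=True)
    values = params.get("range", [])
    if len(values) != 1:
        return {"ok": False, "error": "exactly one range parameter required"}
    try:
        rng = validate_range(values[0])
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "argv": HELPER_ARGV + [rng]}


def run_helper(range_value: str, helper_argv=None) -> str:
    """Execute the helper as an argv list (shell=False is the default), passing
    the validated range as one argument. With shell=True and string
    concatenation the backtick value from the report would be evaluated by
    /bin/sh; here it would be an ordinary argument, and validate_range refuses
    it before that point anyway."""
    argv = list(helper_argv or HELPER_ARGV) + [validate_range(range_value)]
    result = subprocess.run(argv, capture_output=True, text=True,
                            check=False, timeout=5)
    return result.stdout


if __name__ == "__main__":
    # 'echo' stands in for the real helper so the block runs anywhere.
    print(run_helper("Gen 1:1-3", ["echo"]).strip())
    # The report's payload, URL-encoded; rejected before any process starts.
    print(handle_query("range=%60yes%60"))
```

Both halves matter independently: the allowlist stops malformed input at the boundary and makes a rejection easy to log and alert on, while the argv-list invocation means that even a value that slips past validation cannot change which program runs or what the shell does with it.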