FrSIRT - Fedora Security Update Fixes ht://Dig Cross Site Scripting Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes ht://Dig Cross Site Scripting Vulnerability

Title : Fedora Security Update Fixes ht://Dig Cross Site Scripting Vulnerability
Advisory ID : FrSIRT/ADV-2007-4051
CVE ID : CVE-2007-6110
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-03

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary scripting code [...]

Solution

Upgrade the affected packages :

300e76c3b8952740e8b7543c1f947a8b5e310cfb htdig-web-3.2.0b6-12.fc7.ppc64.rpm
b79b7469e0bbbaf1dac0195552dc46c5ca93582c htdig-3.2.0b6-12.fc7.ppc64.rpm
90bd3ac1b196eb325db34ecdb91431b98fd0d8c9 htdig-debuginfo-3.2.0b6-12.fc7.ppc64.rpm
f62fb53e7dbbd0579ec89e3f1a641e0293a85b42 htdig-web-3.2.0b6-12.fc7.i386.rpm
5a0306d75c97421a32bc9ff71f4c9442f4702465 htdig-3.2.0b6-12.fc7.i386.rpm
3651be7c6ddd6fb27b05879c786290d2a6cb44e1 htdig-debuginfo-3.2.0b6-12.fc7.i386.rpm
bc6b3b22b5c9ccac2a6b9508a986fba11651c193 htdig-3.2.0b6-12.fc7.x86_64.rpm
dd347f609d1ec6901dd3cc600844e1645c497145 htdig-debuginfo-3.2.0b6-12.fc7.x86_64.rpm
02938452ac95251dc707de3b3c14e5a835283e35 htdig-web-3.2.0b6-12.fc7.x86_64.rpm
d908f3b776446b0660f131a2e91ef36cc09612b4 htdig-web-3.2.0b6-12.fc7.ppc.rpm
6ab64f8a04d3c6b2e2a1661fe07db139d5437b6f htdig-3.2.0b6-12.fc7.ppc.rpm
21c2c560b00ceddb2cfa4885b8db809f227fa7cf htdig-debuginfo-3.2.0b6-12.fc7.ppc.rpm
229d141f98c269381b309cc1035ed6de2daa894d htdig-3.2.0b6-12.fc7.src.rpm

df489b690411dfca75287ca98cf65221284b1674 htdig-debuginfo-3.2.0b6-13.fc8.ppc64.rpm
41963ec1b5f8ec2f19455e2958434c813d5117fd htdig-3.2.0b6-13.fc8.ppc64.rpm
b118f2343e0b622b52d6ec49ba62f9ddb796fa3d htdig-web-3.2.0b6-13.fc8.ppc64.rpm
9937c4f7d65e5c2df44c31fecec3ff9a51515914 htdig-3.2.0b6-13.fc8.i386.rpm
07f1fa628d1cb14d1b3a1469be9eebdb18c9a897 htdig-web-3.2.0b6-13.fc8.i386.rpm
b3d9d2b8f5c83dc627caacf17cd3b83fce3db138 htdig-debuginfo-3.2.0b6-13.fc8.i386.rpm
efcda410a950a0a41f71cc4bc9dcd52cc488d73b htdig-web-3.2.0b6-13.fc8.x86_64.rpm
2e825ba6c025281164521fb8238b93b7c5bdaeec htdig-3.2.0b6-13.fc8.x86_64.rpm
e0de1a8b899bd90d3bbd2710b233d1340922fe70 htdig-debuginfo-3.2.0b6-13.fc8.x86_64.rpm
48f052c9aeb58106b0cc6c00dbe87921d3c595d7 htdig-web-3.2.0b6-13.fc8.ppc.rpm
558bda32ed8a7eceff84ff40881fea2be7cef4e8 htdig-debuginfo-3.2.0b6-13.fc8.ppc.rpm
cff5440b14b921bb9702d3139c7e4049ec9f25b5 htdig-3.2.0b6-13.fc8.ppc.rpm
f877124496adf5dd07d5f3f54bb04bba6fba29f0 htdig-3.2.0b6-13.fc8.src.rpm

ChangeLog

2007-12-03 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

	Microsoft Office Word Document Handling Code Execution Vulnerability
	Microsoft SQL Server Privilege Escalation Vulnerabilities (MS08-040)
	Microsoft Exchange Server Cross Site Scripting Issues (MS08-039)
	Microsoft Windows Explorer Remote Code Execution (MS08-038)
	Microsoft Windows Multiple DNS Spoofing Vulnerabilities (MS08-037)
	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability