Rapid7 Vulnerability & Exploit Database

RHSA-2002:062: Insecure DocBook stylesheet option

Back to Search

RHSA-2002:062: Insecure DocBook stylesheet option

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
05/29/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

DocBook is a document markup language that can be transformed into other formats using a stylesheet. The default stylesheet provided with Red Hat Linux has an insecure option enabled.

The default stylesheet used when converting a DocBook document to multiple HTML files allows an untrusted document to write files outside of the current directory. This is because element identifiers (specified in the document) are used to form the names of the output files. If an untrusted document uses a full pathname as an identifier, it can cause that file to be written to -- as long as the user performing the conversion has write access. Updated docbook-utils packages are available that disable this feature and enable filenames to be generated based on the type of the element rather than its identifier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0169 to this issue.

Solution(s)

  • redhat-upgrade-docbook-utils
  • redhat-upgrade-docbook-utils-pdf
  • redhat-upgrade-stylesheets

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;