|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-37] LimeWire: Disclosure of sensitive information Vulnerability Scan
Vulnerability Scan Summary LimeWire: Disclosure of sensitive information
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-37
(LimeWire: Disclosure of sensitive information)
Two input validation errors were found in the handling of Gnutella
GET requests (CVE-2005-0788) and magnet requests (CVE-2005-0789).
Impact
A remote attacker can craft a specific Gnutella GET request or use
directory traversal on magnet requests to read arbitrary files on the
system with the rights of the user running LimeWire.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0789
http://secunia.com/advisories/14555/
Solution:
All LimeWire users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|