|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200511-16] GNUMP3d: Directory traversal and insecure temporary file creation Vulnerability Scan
Vulnerability Scan Summary GNUMP3d: Directory traversal and insecure temporary file creation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200511-16
(GNUMP3d: Directory traversal and insecure temporary file creation)
Ludwig Nussel from SUSE Linux has identified two vulnerabilities
in GNUMP3d. GNUMP3d fails to properly check for the existence of
/tmp/index.lok before writing to the file, allowing for local
unauthorized access to files owned by the user running GNUMP3d. GNUMP3d
also fails to properly validate the "theme" GET variable from CGI
input, allowing for unauthorized file inclusion.
Impact
A possible hacker could overwrite files owned by the user running
GNUMP3d by symlinking /tmp/index.lok to the file targeted for
overwrite. A possible hacker could also include arbitrary files by traversing
up the directory tree (at most two times, i.e. "../..") with the
"theme" GET variable.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3355
http://www.gnu.org/software/gnump3d/ChangeLog
Solution:
All GNUMP3d users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9.7-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|