LimeWire Gnutella Disclosure of Sensitive Information

Secunia Advisory: SA14555

Critical: Moderately critical

Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch

Software: LimeWire 4.x

Kevin Walsh has reported two vulnerabilities in LimeWire, which can be exploited by malicious people to disclose sensitive information.

1) An input validation error in the HTTP handling can be exploited to disclose the content of arbitrary files via a specially crafted request.

Example:
/gnutella/res/[file_with_absolute_path]

The vulnerability has been reported in versions 4.1.2 through 4.5.6.

2) An input validation error in the handling of “magnet” requests can be exploited to disclose the content of arbitrary files via directory traversal attacks.

Example:
/magnet10/../../[file]

The vulnerability has been reported in versions 3.9.6 through 4.6.0.

Solution:
Update to version 4.8 or later.
http://www.limewire.com/english/content/download.shtml
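
For hosts that cannot be updated immediately, the two request forms above can be looked for in HTTP logs from a proxy or network sensor in front of the client. The following is an added example, not code from Secunia or LimeWire; the log line format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

RES_PREFIX = "/gnutella/res/"    # request form from item 1
MAGNET_PREFIX = "/magnet10/"     # request form from item 2
_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")
_REQUEST = re.compile(r'"(?:GET|HEAD) (\S+)')

def _decode(path, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%2e, %252e, ...)."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(request_path):
    """Return 'absolute-path', 'traversal' or None for one request path."""
    path = _decode(request_path.split("?", 1)[0])
    if path.startswith(RES_PREFIX):
        rest = path[len(RES_PREFIX):]
        # An absolute path right after the prefix: /x, \x or C:\x
        if rest.startswith(("/", "\\")) or _DRIVE.match(rest):
            return "absolute-path"
    if path.startswith((RES_PREFIX, MAGNET_PREFIX)):
        # A ".." segment under either prefix, with / or \ as separator
        if ".." in re.split(r"[\\/]", path):
            return "traversal"
    return None

def scan(log_lines):
    """Return (verdict, raw_path) for every flagged request line."""
    hits = []
    for line in log_lines:
        match = _REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((verdict, match.group(1)))
    return hits

# Constructed sample lines in an assumed proxy access-log format.
SAMPLE_LOG = [
    '192.0.2.10 "GET /gnutella/res/song.mp3 HTTP/1.1" 200',
    '192.0.2.11 "GET /gnutella/res//tmp/constructed.txt HTTP/1.1" 200',
    '192.0.2.11 "GET /gnutella/res/C:%5Cconstructed%5Cfile.txt HTTP/1.1" 200',
    '192.0.2.12 "GET /magnet10/%2e%2e/%2e%2e/constructed.txt HTTP/1.1" 200',
]

if __name__ == "__main__":
    for verdict, path in scan(SAMPLE_LOG):
        print(verdict, path)
```

A hit only shows that a request of the reported form was seen; whether a file was disclosed depends on the LimeWire version that answered it.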

Full article: Secunia Advisory: SA14555
