Nessus Plugin #17667
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200503-37] LimeWire: Disclosure of sensitive information
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- LimeWire: Disclosure of sensitive information
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2005-0788, CAN-2005-0789
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200503-37
- Description:
- The remote host is affected by the vulnerability described in GLSA-200503-37
(LimeWire: Disclosure of sensitive information)
Two input validation errors were found in the handling of Gnutella
GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).
Impact
A remote attacker can craft a specific Gnutella GET request or use
directory traversal on magnet requests to read arbitrary files on the
system with the rights of the user running LimeWire.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0789
http://secunia.com/advisories/14555/
Solution:
All LimeWire users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"
Risk factor : Low
Generiert am 27.04.2005 um 18:49:54 Uhr.