Gnapster Absolute Path Name Request Arbitrary File Access

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

The remote host has a P2P file sharing application installed.

Description :

An insecure Napster clone (e.g. Gnapster or Knapster) is running on
the remote computer, which allows an intruder to read arbitrary files
on this system, regardless of the shared status of the files.

See also :

http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html

Solution :

If this is Gnapster, upgrade to version 1.3.9 or later, as this
reportedly fixes the issue.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 10408 (gnapster_get_file.nasl)

Bugtraq ID: 1186

CVE ID: CVE-2000-0412

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial