GLSA-200511-16 : GNUMP3d: Directory traversal and insecure temporary file creation

medium Nessus Plugin ID 20244

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200511-16 (GNUMP3d: Directory traversal and insecure temporary file creation).

Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing for local unauthorized access to files owned by the user running GNUMP3d. GNUMP3d also fails to properly validate the 'theme' GET variable from CGI input, allowing for unauthorized file inclusion.

Impact:

An attacker could overwrite files owned by the user running GNUMP3d by symlinking /tmp/index.lok to the file targeted for overwrite. An attacker could also include arbitrary files by traversing up the directory tree (at most two times, i.e. '../..') with the 'theme' GET variable.

Workaround:

There is no known workaround at this time.
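
The two defect classes described above, a write to a predictable lock path and an unvalidated 'theme' value, shown in hardened form as an added example. This is not GNUMP3d's code or its upstream fix; the function names, the themes directory layout and the file names are assumptions made for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def create_lock(path):
    """Create a lock file; refuse if anything, even a symlink, is already there."""
    # O_EXCL fails with EEXIST on an existing path or symlink; O_NOFOLLOW is a second guard.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as fh:
        fh.write(str(os.getpid()))
    return True

def resolve_theme(theme_root, theme):
    """Map a request-supplied theme name to a directory strictly under theme_root."""
    root = os.path.realpath(theme_root)
    candidate = os.path.realpath(os.path.join(root, theme))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("theme escapes the theme directory")
    if not os.path.isdir(candidate):
        raise ValueError("unknown theme")
    return candidate

def demo():
    """Constructed scenario in a private temp dir (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "owned-by-daemon.txt")
        with open(target, "w") as fh:
            fh.write("important")
        lock = os.path.join(work, "index.lok")
        os.symlink(target, lock)            # link planted before the daemon runs
        refused = not create_lock(lock)
        with open(target) as fh:
            intact = fh.read() == "important"
        os.unlink(lock)
        created = create_lock(lock)         # clean path: lock is created
        themes = os.path.join(work, "themes")
        os.makedirs(os.path.join(themes, "default"))
        good = os.path.basename(resolve_theme(themes, "default"))
        try:
            resolve_theme(themes, "../..")
            rejected = False
        except ValueError:
            rejected = True
        return refused, intact, created, good, rejected

if __name__ == "__main__":
    print(demo())
```

Keeping lock and state files in a directory writable only by the service account, rather than in /tmp, removes the pre-planted link case altogether.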

Solution

All GNUMP3d users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/gnump3d-2.9_pre7'

See Also

http://www.gnu.org/software/gnump3d/ChangeLog

https://security.gentoo.org/glsa/200511-16

Plugin Details

Severity: Medium

ID: 20244

File Name: gentoo_GLSA-200511-16.nasl

Version: 1.15

Type: local

Published: 11/22/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:gnump3d, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 11/21/2005

Vulnerability Publication Date: 11/17/2005

Reference Information

CVE: CVE-2005-3349, CVE-2005-3355

GLSA: 200511-16