Gnapster Absolute Path Name Request Arbitrary File Access

High Nessus Plugin ID 10408


The remote host has a P2P file sharing application installed.


An insecure Napster clone (e.g. Gnapster or Knapster) is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the files.


If this is Gnapster, upgrade to version 1.3.9 or later, as this reportedly fixes the issue.

See Also

Plugin Details

Severity: High

ID: 10408

File Name: gnapster_get_file.nasl

Version: $Revision: 1.24 $

Type: remote

Published: 2000/05/12

Modified: 2016/10/10

Dependencies: 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Services/napster

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/05/10

Reference Information

CVE: CVE-2000-0412

BID: 1186

OSVDB: 310, 11875