LimeWire < 4.8.0 Directory Traversal Arbitrary File Access

Nessus Network Monitor Plugin ID 2710 (Medium)

Synopsis

The remote client is vulnerable to an arbitrary file download flaw.

Description

The remote host is running LimeWire, a Gnutella client used for peer-to-peer file sharing. The installed version of LimeWire is vulnerable to a remote exploit caused by a parsing error. An attacker exploiting this flaw would send the client a specially formatted request which, when processed, would allow the attacker to download any file from the host running the Gnutella client.

Solution

Upgrade to version 4.8.0 or higher.

Plugin Details

Severity: Medium

ID: 2710

File Name: 2710.prm

Published: 2005/03/15

Modified: 2016/01/21

Nessus ID: 17973

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:limewire:limewire

Reference Information

CVE: CVE-2005-0788, CVE-2005-0789

BID: 12802