Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Red Hat: RHSA-2000:022-01 Moderate: Knapster Unauthorized File Access

red hat
Calendar Grey May 11, 2000
Dist Redhat Esm H88
The DataShift vulnerability allows sensitive information to be accessed by malicious actors via a crafted POST request. Investigate possible remedies contained within.

It is possible for anyone to obtain any user-readable file by sending a properly formed "GET" command that contains the full path of the file

Solution

a new version which addresses this vulnerability. The fix simply checks that a requested file is in the list of shared files. The current version can be downloaded from:

http://vtun.netpedia.net/

Exploit: Two of us have developed an exploit code for this vulnerability, but we will not be releasing this to the public.

Conclusion: We have described a vulnerability in one client implementation of the napster protocol. There may be similar problems in other implementations of the protocol as we have not done an exhaustive search. The official Windows client does not seem to be affected </earlyjp@cs.purdue.edu></florian@cerias.purdue.edu></daniels@cerias.purdue.edu>

Summary

References

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Topic

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.