Red Hat: RHSA-2000:022-01 Moderate: Knapster Unauthorized File Access


It is possible for anyone to obtain any user-readable file by sending a properly formed "GET" command that contains the full path of the file. This vulnerability exists because knapster fails to check that the requested file is an explicitly shared MP3 file before providing it.

KNapster Vulnerability Compromises User-readable Files

This vulnerability was discovered at the Center for Education and Research
in Information Assurance and Security (CERIAS) at Purdue University
by:

     Tom Daniels <daniels@cerias.purdue.edu>
     Florian Buchholz <florian@cerias.purdue.edu>
     James Early <earlyjp@cs.purdue.edu>

Environment: Intel PII-based System
             Linux Red Hat Version 6.2 (may apply to all OS's running knapster)
             KNapster Version 0.9 (and probably earlier)

Knapster is an open source, independent implementation of the Napster protocol client. 
It is written to conform to the KDE windowing environment.

Problem: It is possible for anyone to obtain any user-readable file by sending a
         properly formed "GET" command that contains the full path of
         the file. This vulnerability exists because knapster
         fails to check that the requested file is an explicitly shared MP3 file
         before providing it.

Note: This is the same vulnerability described in FreeBSD-SA-00:18 but in
knapster instead of gnapster.
         Anyone running knapster version 0.9 or less is vulnerable.  Given the
         IP address and TCP port of a vulnerable client, an attacker can
         send a request for an arbitrary file to the knapster client.  If the
         user has read access to the file, the client will then respond with
         the contents of the file.

Solution: We contacted the program's author, and he promptly created
          a new version which addresses this vulnerability. The fix simply
          checks that a requested file is in the list of shared files. The current
          version can be downloaded from:

          http://vtun.netpedia.net/
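
The check described under Solution, set beside the behaviour described under Problem, as an added example (not knapster's code and not the authors' exploit). The share-list model, function names and sample paths are assumptions constructed for illustration, and the wire format of the request is not modelled.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Hypothetical model: the exact paths the user explicitly chose to share.
using ShareList = std::set<std::string>;

// Behaviour the advisory describes for knapster 0.9: the requested path is
// never compared with the share list, so file permissions are the only limit.
bool serve_without_check(const ShareList&, const std::string& requested) {
    return !requested.empty();
}

// Behaviour of the fix as the advisory describes it: serve a file only when
// the requested path is an entry in the list of shared files (exact match).
bool serve_with_share_check(const ShareList& shared, const std::string& requested) {
    return shared.count(requested) != 0;
}

// Requests the unchecked handler would answer but the checked one refuses,
// i.e. the exposure that the missing check created.
std::vector<std::string> refused_only_after_fix(const ShareList& shared,
                                                const std::vector<std::string>& requests) {
    std::vector<std::string> out;
    for (const auto& r : requests)
        if (serve_without_check(shared, r) && !serve_with_share_check(shared, r))
            out.push_back(r);
    return out;
}

// Constructed sample data, not taken from the advisory.
const ShareList kShared = {"/home/alice/music/track01.mp3",
                           "/home/alice/music/track02.mp3"};
const std::vector<std::string> kRequests = {
    "/home/alice/music/track01.mp3",   // shared: served before and after
    "/home/alice/music/private.mp3",   // same directory, never shared
    "/home/alice/notes.txt"};          // readable by the user, not an MP3

int main() {
    for (const auto& r : refused_only_after_fix(kShared, kRequests))
        std::cout << "refused after fix: " << r << "\n";
    return 0;
}
```

Matching the whole path against the list, rather than only its directory or its extension, is what keeps an unshared file that sits next to a shared one from being served.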

Exploit: Two of us have developed exploit code for this vulnerability, but we will
         not be releasing this to the public.

Conclusion: We have described a vulnerability in one client implementation of the Napster
protocol. There may be similar problems in other implementations
of the protocol, as we have not done an exhaustive search.
The official Windows client does not seem to be affected.

Date: May 11, 2000
