Vulnerabilities > CVE-2005-0788 - Unspecified vulnerability in Limewire 4.1.2/4.5.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | LimeWire 4.1.2 - 4.5.6 Inappropriate Get Request Remote Exploit. CVE-2005-0788. Remote exploits for multiple platform |
| id | EDB-ID:879 |
| last seen | 2016-01-31 |
| modified | 2005-03-14 |
| published | 2005-03-14 |
| reporter | lammat |
| source | https://www.exploit-db.com/download/879/ |
| title | LimeWire 4.1.2 - 4.5.6 Inappropriate Get Request Remote Exploit |
Nessus
NASL family Misc. NASL id LIMEWIRE_REMOTE_UNAUTH_ACCESS.NASL description The remote host seems to be running Lime Wire, a P2P file sharing program. This version is vulnerable to remote unauthorized access flaws. An attacker can access to potentially sensitive files on the remote vulnerable host. last seen 2020-06-01 modified 2020-06-02 plugin id 17973 published 2005-04-06 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17973 title Lime Wire Multiple Remote Unauthorized Access NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-37.NASL description The remote host is affected by the vulnerability described in GLSA-200503-37 (LimeWire: Disclosure of sensitive information) Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). Impact : A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17667 published 2005-04-01 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17667 title GLSA-200503-37 : LimeWire: Disclosure of sensitive information
References
- http://marc.info/?l=bugtraq&m=111082448213238&w=2
- http://marc.info/?l=bugtraq&m=111082448213238&w=2
- http://secunia.com/advisories/14555/
- http://secunia.com/advisories/14555/
- http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19693
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19693