Vulnerabilities > CVE-2005-0788 - Unspecified vulnerability in Limewire 4.1.2/4.5.6

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
limewire
nessus
exploit available
NVD
Published: 2005-03-14
Updated: 2017-07-11

Summary

LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.

Vulnerable Configurations

Part Description Count
Application
Limewire
2

Exploit-Db

descriptionLimeWire 4.1.2 - 4.5.6 Inappropriate Get Request Remote Exploit. CVE-2005-0788. Remote exploits for multiple platform
idEDB-ID:879
last seen2016-01-31
modified2005-03-14
published2005-03-14
reporterlammat
sourcehttps://www.exploit-db.com/download/879/
titleLimeWire 4.1.2 - 4.5.6 Inappropriate Get Request Remote Exploit

Nessus

  • NASL familyMisc.
    NASL idLIMEWIRE_REMOTE_UNAUTH_ACCESS.NASL
    descriptionThe remote host seems to be running Lime Wire, a P2P file sharing program. This version is vulnerable to remote unauthorized access flaws. An attacker can access to potentially sensitive files on the remote vulnerable host.
    last seen2020-06-01
    modified2020-06-02
    plugin id17973
    published2005-04-06
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17973
    titleLime Wire Multiple Remote Unauthorized Access
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200503-37.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200503-37 (LimeWire: Disclosure of sensitive information) Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). Impact : A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17667
    published2005-04-01
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17667
    titleGLSA-200503-37 : LimeWire: Disclosure of sensitive information

References