Vulnerabilities > CVE-2005-0789 - Unspecified vulnerability in Limewire 3.9.6/4.6.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
limewire
nessus

Summary

Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request.

Vulnerable Configurations

Part Description Count
Application
Limewire
2

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200503-37.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200503-37 (LimeWire: Disclosure of sensitive information) Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789). Impact : A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id17667
published2005-04-01
reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/17667
titleGLSA-200503-37 : LimeWire: Disclosure of sensitive information
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200503-37.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(17667);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-0788", "CVE-2005-0789");
  script_xref(name:"GLSA", value:"200503-37");

  script_name(english:"GLSA-200503-37 : LimeWire: Disclosure of sensitive information");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200503-37
(LimeWire: Disclosure of sensitive information)

    Two input validation errors were found in the handling of Gnutella
    GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).
  
Impact :

    A remote attacker can craft a specific Gnutella GET request or use
    directory traversal on magnet requests to read arbitrary files on the
    system with the rights of the user running LimeWire.
  
Workaround :

    There is no known workaround at this time."
  );
  # http://secunia.com/advisories/14555/
  script_set_attribute(
    attribute:"see_also",
    value:"https://secuniaresearch.flexerasoftware.com/advisories/14555/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200503-37"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All LimeWire users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-p2p/limewire-4.8.1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:limewire");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-p2p/limewire", unaffected:make_list("ge 4.8.1"), vulnerable:make_list("lt 4.8.1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LimeWire");
}