CVE-2007-6636 - Permissions, Privileges, and Access Control vulnerability in Bitflu 0.41

Publication

2008-01-04

Last modification

2017-08-08

Summary

Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file.

Description

Bitflu is prone to a security-bypass vulnerability. An attacker can exploit this issue to append to or create arbitrary files. This issue affects versions prior to Bitflu 0.42.

Solution

The vendor has released Bitflu 0.42 to address this issue. Please see the references for more information.

  • Bitflu 0.40: bitflu-0.42.tgz (http://bitflu.workaround.ch/bitflu/bitflu-0.42.tgz)
  • Bitflu 0.41: bitflu-0.42.tgz (http://bitflu.workaround.ch/bitflu/bitflu-0.42.tgz)

Exploit

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:N)

Medium

5.8

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality Impact

Partial

Integrity Impact

Partial

Affected Products

Vendor Product Versions
Bitflu Bitflu  0.41