CVE-2000-0412

Sažetak

The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18-gnapster.adv
http://archives.neohapsis.com/archives/bugtraq/2000-05/0124.html
http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html
http://www.securityfocus.com/bid/1186

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-09-2008 - 19:04

Objavljeno

01-05-1999 - 04:00