CVE-2005-2670

Sažetak

Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.

Reference

http://secunia.com/advisories/15846
http://secunia.com/secunia_research/2005-24/advisory
http://securitytracker.com/id?1014740
http://www.globalhauri.com/html/download/down_unixpatch.html
http://www.securityfocus.com/bid/14606

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:52

Objavljeno

23-08-2005 - 04:00