Gentoo Logo

LimeWire: Disclosure of sensitive information

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200503-37 / LimeWire
Release Date March 31, 2005
Latest Revision March 31, 2005: 01
Impact low
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-p2p/limewire < 4.8.1 >= 4.8.1 All supported architectures

Related bugreports: #85380

Synopsis

Two vulnerabilities in LimeWire can be exploited to disclose sensitive information.

2.  Impact Information

Background

LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol.

Description

Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).

Impact

A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All LimeWire users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"

4.  References

Print

Page updated March 31, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.