Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3123

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3123
Last Modified 07 Mar 2011 09:25:50
Published 30 Oct 2005 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3123

Summary

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.

Vulnerable Systems

Application

  • Gnump3d 2.9

  • Gnump3d 2.9.1

  • Gnump3d 2.9.2

  • Gnump3d 2.9.3

  • Gnump3d 2.9.4

  • Gnump3d 2.9.5


References

BID - 15228

DEBIAN - DSA-877

SECUNIA - 17351

MLIST - [Gnump3d-users] 20051028 New release - security fixes.

VUPEN - ADV-2005-2242

OSVDB - 20360

SUSE - SUSE-SR:2005:028

SECTRACK - 1015118

SECUNIA - 17559

SUSE - SUSE-SR:2005:027

SREASON - 127


Last Updated: 27 May 2016 10:40:48