Lucene search
GoogleOSV:DSA-901-1HistoryNov 19, 2005 - 12:00 a.m.
gnump3d - programming error
2005-11-1900:00:00
Google
osv.dev
7
EPSS
0.004
Percentile
74.3%
Several vulnerabilities have been discovered in gnump3d, a streaming
server for MP3 and OGG files. The Common Vulnerabilities and
Exposures Project identifies the following problems:
- CVE-2005-3349
Ludwig Nussel discovered several temporary files that are created
with predictable filenames in an insecure fashion and allows local
attackers to craft symlink attacks. - CVE-2005-3355
Ludwig Nussel discovered that the theme parameter to HTTP
requests may be used for path traversal.
The old stable distribution (woody) does not contain a gnump3d package.
For the stable distribution (sarge) these problems have been fixed in
version 2.9.3-1sarge3.
For the unstable distribution (sid) these problems have been fixed in
version 2.9.8-1.
We recommend that you upgrade your gnump3 package.
References
Related
nessus
nessus
GLSA-200511-16 : GNUMP3d: Directory traversal and insecure temporary file creation
2005-11-22 00:00:00
Debian DSA-901-1 : gnump3d - programming error
2006-10-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 901-1 (gnump3d)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200511-16 (GNUMP3d)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200511-16 (GNUMP3d)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 901-1] New gnump3d packages fix several vulnerabilities
2005-11-19 07:16:36
[SECURITY] [DSA 901-1] New gnump3d packages fix several vulnerabilities
2005-11-19 07:16:36
gentoo
gentoo
GNUMP3d: Directory traversal and insecure temporary file creation
2005-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2005-3349
2005-11-18 00:00:00
CVE-2005-3355
2005-11-18 00:00:00
cve
cve
CVE-2005-3355
2005-11-18 22:03:00
CVE-2005-3349
2005-11-18 22:03:00
cvelist
cvelist
CVE-2005-3349
2005-11-18 22:00:00
CVE-2005-3355
2005-11-18 22:00:00
nvd
nvd
CVE-2005-3349
2005-11-18 22:03:00
CVE-2005-3355
2005-11-18 22:03:00