Lucene search

K
osvGoogleOSV:DSA-901-1
HistoryNov 19, 2005 - 12:00 a.m.

gnump3d - programming error

2005-11-1900:00:00
Google
osv.dev
4

EPSS

0.004

Percentile

74.3%

Several vulnerabilities have been discovered in gnump3d, a streaming
server for MP3 and OGG files. The Common Vulnerabilities and
Exposures Project identifies the following problems:

  • CVE-2005-3349
    Ludwig Nussel discovered several temporary files that are created
    with predictable filenames in an insecure fashion and allows local
    attackers to craft symlink attacks.
  • CVE-2005-3355
    Ludwig Nussel discovered that the theme parameter to HTTP
    requests may be used for path traversal.

The old stable distribution (woody) does not contain a gnump3d package.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.3-1sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.8-1.

We recommend that you upgrade your gnump3 package.

EPSS

0.004

Percentile

74.3%