Kazaa Lite K++ sig2dat File: Parameter Traversal Arbitrary File Creation

2005-01-17T09:42:50
ID OSVDB:13036
Type osvdb
Reporter Rafel Ivgi
Modified 2005-01-17T09:42:50

Description

Vulnerability Description

Kazaa Lite K++ contains a flaw that may allow a malicious user to create files in arbitrary locations within the same partition as the shared folder. The issue is caused by directory traversal (../) attacks using the File: parameter. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity and availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

sig2dat://%7CFile:../../../../../../Docume~1/All Users/Start Menu/ Programs/Startup/cool.bat%7CLength:373236528%20Bytes,364489KB%7CUUHash:=DEf m3HmvILkNcbY7j5NGa%2BD11CQ=%7C/
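
The File: validation whose absence the description reports, as an added Python example (not code from Kazaa Lite, sig2dat or the advisory). The field layout is inferred from the test string above; the names parse_sig2dat, safe_target and UnsafeLink, the shared folder C:\Shared and both sample links are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS
from urllib.parse import unquote

# Constructed sample links in the shape shown above (values are made up).
BENIGN = "sig2dat://%7CFile:song.mp3%7CLength:1024%20Bytes,1KB%7CUUHash:=AAAA=%7C/"
TRAVERSAL = "sig2dat://%7CFile:../../outside/run.bat%7CLength:1024%20Bytes,1KB%7CUUHash:=AAAA=%7C/"


class UnsafeLink(ValueError):
    """Raised when a link is malformed or its File: field is not a bare name."""


def parse_sig2dat(uri):
    """Percent-decode a sig2dat link and return its '|'-separated Key:value fields."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme.lower() != "sig2dat":
        raise UnsafeLink("not a sig2dat link")
    fields = {}
    for part in unquote(rest).split("|"):
        key, colon, value = part.partition(":")
        if colon:
            fields[key.strip()] = value.strip()
    return fields


def safe_target(uri, shared_dir):
    """Map the File: field to a path inside shared_dir, or raise UnsafeLink."""
    name = parse_sig2dat(uri).get("File", "")
    # Layer 1: the field must be a plain file name. Separators, drive or
    # stream colons and dot segments are refused after decoding.
    if not name or name in (".", "..") or any(c in name for c in "/\\:"):
        raise UnsafeLink("File: field is not a bare file name: %r" % name)
    # Layer 2: resolve lexically and confirm the result is still under shared_dir.
    base = ntpath.normpath(shared_dir)
    target = ntpath.normpath(ntpath.join(base, name))
    if not target.lower().startswith(base.lower().rstrip("\\") + "\\"):
        raise UnsafeLink("resolved path leaves the shared folder: %r" % target)
    return target


if __name__ == "__main__":
    for link in (BENIGN, TRAVERSAL):
        try:
            print("accept:", safe_target(link, r"C:\Shared"))
        except UnsafeLink as exc:
            print("reject:", exc)
```

Validation runs on the percent-decoded value, so encoded separators such as %2F and %5C are refused along with literal ones.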

References:

Security Tracker: 1012920
Secunia Advisory ID: 13879
Related OSVDB ID: 13035
Other Advisory URL: http://theinsider.deep-ice.com/texts/advisory70.txt