fkey Arbitrary File Access

2005-01-20T22:24:33
ID OSVDB:13202
Type osvdb
Reporter Vade 79(v9@fakehalo.deadpig.org)
Modified 2005-01-20T22:24:33

Description

Vulnerability Description

fkey contains a flaw that may allow a malicious user to access an arbitrary file. The issue is triggered when a filename path of less than ten characters is sent to the fkey server. It is possible that the flaw may allow sensitive files to be viewed by the attacker resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

fkey contains a flaw that may allow a malicious user to access an arbitrary file. The issue is triggered when a filename path of less than ten characters is sent to the fkey server. It is possible that the flaw may allow sensitive files to be viewed by the attacker resulting in a loss of confidentiality.

References:

Vendor URL: http://www.freshmeat.net/projects/fkey Other Advisory URL: http://www.securiteam.com/exploits/5PP0L0UELA.html Nessus Plugin ID:16224 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0224.html Bugtraq ID: 12321