Info

Disclosure

Apr 11, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

An undisclosed flaw in DC++ allows an attacker to append arbitrary data to any file on the Direct Connect share drive.

Classification

Location: Remote / Network Access
Attack Type: Other
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 0.674 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

DC++	DC++	0.307
		0.4x
		0.666
		0.667
		0.668
		0.670
		0.671
		0.672
		0.673
		0.674
		0.306

References

Secunia Advisory ID: 14880
Related OSVDB ID: 15433
CVE ID: 2005-1089 (see also: NVD)
Vendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/dcplusplus/dcplusplus/changelog.txt?view=markup
http://dcplusplus.sourceforge.net/index.php?t=8&s=1
Vendor URL: http://dcplusplus.sourceforge.net/
Vendor Specific Solution URL: http://dcplusplus.sourceforge.net/index.php?t=2&s=1
Vendor Specific Advisory URL: http://dcplusplus.sourceforge.net/index.php?t=8&s=1

Credit

cologic -

Direct URL: http://osvdb.org/15433