Info

Disclosure

May 27, 2004

Discovery

Unknown

Dates

Exploit

May 27, 2004

Solution

Unknown

Description

Roundup contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the @@file prefix.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Richard Jones has released a patch to address this vulnerability.

Products

Richard Jones	Roundup	0.6.0
		0.6.1
		0.6.2
		0.6.3
		0.6.4
		0.6.5
		0.6.6
		0.6.7
		0.6.8
		0.6.9
		0.7.0
		0.7.1
		0.7.2

References

Secunia Advisory ID: 11801 12274
CVE ID: 2004-1444 (see also: NVD)
Vendor Specific Advisory URL: http://bugs.gentoo.org/show_bug.cgi?id=53494
http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788
Vendor URL: http://freshmeat.net/projects/roundup/
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200408-09.xml

Credit

Vickenty Fesunov -

Direct URL: http://osvdb.org/6691