Mega Upload Filenames in Querystring May Let Malicious Users Overwrite or Copy Files
|
|
SecurityTracker Alert ID: 1011960
|
|
SecurityTracker URL: http://securitytracker.com/id?1011960
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 27 2004
|
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.4 - 1.44
|
Description: A security issue was reported in Mega Upload. A remote user may be able to cause files to be overwritten.
The vendor reported that files to be uploaded are specified via the querystring. A remote user can create a specially crafted URL
containing bogus pathnames that, when loaded, will cause files to be overwritten or copied.
The vendor has issued a fixed version
(1.45), available at:
http://sourceforge.net/project/showfiles.php?group_id=87646
|
Impact: A malicious user may be able to copy or overwrite files on the target system.
|
Solution: The vendor has issued a fixed version (1.45), available at:
http://sourceforge.net/project/showfiles.php?group_id=87646
|
Vendor URL: www.raditha.com/megaupload/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 27 Oct 2004 01:51:59 -0400
Subject: http://www.raditha.com/blog/archives/000547.html
|
> the 1.4x branch passes the list of file names as part of the querystring. It does
> not make use of the internal post as the 1.3x branch does. This unfortunately leads
> to the possibility of a malicious user passing in bogus pathnames that could result
> in files been overwritten. Or would allow the user making a copy of important files
> on the server.
The vendor has issued a fixed version (1.45), available at:
http://sourceforge.net/project/showfiles.php?group_id=87646
|
|
