Full Disclosure mailing list archives
DDIVRT-2008-17 Orb Directory Traversal
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Thu, 6 Nov 2008 13:59:22 -0600
Title
-----
DDIVRT-2008-17 Orb Directory Traversal

Severity
--------
High

Date Discovered
---------------
October, 21st 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$

Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to directory traversal attacks. Users can leverage specially crafted GET requests to read arbitrary files.

Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb server. This issue is fixed in version 2.01.0022 available at http://www.orb.com/download/us/setup_2.01.0022.exe

Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2

Vendor Contact
--------------
Orb Networks
Website: http://www.orb.com