Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

DDIVRT-2008-17 Orb Directory Traversal

From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Thu, 6 Nov 2008 13:59:22 -0600
Title

-----

DDIVRT-2008-17 Orb Directory Traversal

 

Severity

--------

High

 

Date Discovered

---------------

October, 21st 2008

 

Discovered By

-------------

Digital Defense, Inc. Vulnerability Research Team

Credit: Steven James and r@b13$

 

Vulnerability Description

-------------------------

Orb Networks' Orb media server is vulnerable to directory traversal
attacks.  Users can leverage specially crafted GET requests to read
arbitrary files. 

 

Solution Description

--------------------

Use firewall rules to restrict access to authorized users of the Orb
server.

This issue is fixed in version 2.01.0022 available at

      http://www.orb.com/download/us/setup_2.01.0022.exe
<http://www.orb.com/download/us/setup_2.01.0022.exe>  

 

Tested Systems / Software (with versions)

------------------------------------------

Orb version 2.01.0017 on Windows XP Pro SP2

Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on
Windows XP Pro SP2

 

Vendor Contact

--------------

Orb Networks

Website: http://www.orb.com

 

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: