SolidState Multiple Remote File Include Vulnerabilities

Bugtraq ID:	21934
Class:	Input Validation Error
CVE:	CVE-2006-5020
Remote:	Yes
Local:	No
Published:	Oct 28 2006 12:00AM
Updated:	Jan 08 2007 11:26PM
Credit:	These issues were disclosed by the vendor.
Vulnerable:	SolidState SolidState 0.4 SolidState SolidState 0.3
Not Vulnerable:	SolidState SolidState 0.4.1

SolidState Multiple Remote File Include Vulnerabilities

SolidState is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

SolidState Multiple Remote File Include Vulnerabilities

An attacker may exploit these issues using a web client.

SolidState Multiple Remote File Include Vulnerabilities

Solution:
The vendor has released version 0.4.1 to address these issues.


SolidState SolidState 0.3

• SolidState solidstate-0.4.1.tar.gz
  http://www.solid-state.org/Downloads-req-getit-lid-6.htm

SolidState SolidState 0.4

• SolidState solidstate-0.4.1.tar.gz
  http://www.solid-state.org/Downloads-req-getit-lid-6.htm

SolidState Multiple Remote File Include Vulnerabilities

References:

• SolidState Homepage (SolidState)
  
• SolidState v0.4.1 has been released! (SolidState)