GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability

Bugtraq ID:	21959
Class:	Input Validation Error
CVE:	CVE-2007-0159
Remote:	Yes
Local:	No
Published:	Jan 09 2007 12:00AM
Updated:	May 20 2011 04:41PM
Credit:	Dean Gaudet is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Maxmind geoip 1.3.10 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0
Not Vulnerable:

GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability

The 'geoip' application is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

This issue affects versions prior to 1.4.0.

NOTE (May 20, 2011): Reports indicate that paths containing backslash ('\') or colon (':') characters on Windows platforms are not properly handled in the fix for this issue.

GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability

Attackers can exploit this issue via a web client.

GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability

Solution:
Please see the referenced advisory for more information.

NOTE (May 20, 1011): Reports indicate that the fix for this issue is incomplete.


Maxmind geoip 1.3.10

• Ubuntu geoip-bin_1.3.10-1ubuntu0.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/g/geoip/geoip-bin_1.3. 10-1ubuntu0.1_i386.deb


• Ubuntu libgeoip-dev_1.3.10-1ubuntu0.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip-dev_1.3.1 0-1ubuntu0.1_sparc.deb


• Ubuntu geoip-bin_1.3.10-1ubuntu0.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/g/geoip/geoip-bin_1.3. 10-1ubuntu0.1_sparc.deb


• Ubuntu libgeoip1_1.3.10-1ubuntu0.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip1_1.3.10-1 ubuntu0.1_amd64.deb


• Ubuntu geoip-bin_1.3.10-1ubuntu0.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/g/geoip/geoip-bin_1.3. 10-1ubuntu0.1_amd64.deb


• Ubuntu libgeoip1_1.3.10-1ubuntu0.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip1_1.3.10-1 ubuntu0.1_sparc.deb


• Ubuntu libgeoip-dev_1.3.10-1ubuntu0.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip-dev_1.3.1 0-1ubuntu0.1_amd64.deb


• Ubuntu libgeoip-dev_1.3.10-1ubuntu0.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip-dev_1.3.1 0-1ubuntu0.1_powerpc.deb


• Ubuntu libgeoip1_1.3.10-1ubuntu0.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip1_1.3.10-1 ubuntu0.1_powerpc.deb


• Ubuntu libgeoip1_1.3.10-1ubuntu0.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip1_1.3.10-1 ubuntu0.1_i386.deb


• Ubuntu geoip-bin_1.3.10-1ubuntu0.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/g/geoip/geoip-bin_1.3. 10-1ubuntu0.1_powerpc.deb


• Ubuntu libgeoip-dev_1.3.10-1ubuntu0.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/g/geoip/libgeoip-dev_1.3.1 0-1ubuntu0.1_i386.deb

GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability

References:

• CVE Request: GeoIP Directory traversal weakness in geoipupdate (Anthon Pang)
  
• GeoIP 1.4.0 Vulnerability Update ([email protected])
  
• geoip Homepage (Maxmind)