Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities

Bugtraq ID:	25583
Class:	Unknown
CVE:	CVE-2007-4844 CVE-2007-4843
Remote:	Yes
Local:	No
Published:	Sep 06 2007 12:00AM
Updated:	Jul 06 2016 02:17PM
Credit:	Gynvael Coldwind is credited with the discovery of these vulnerabilities.
Vulnerable:	X-Diesel Unreal Commander 0.92 (build 573) X-Diesel Unreal Commander 0.92 (build 565)
Not Vulnerable:

Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities

Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue.

An attacker can exploit these issues to compromise the affected computer, write files to arbitrary locations, and crash the affected application.

Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.

Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/25583.py

Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities

References:

• Unreal Commander Homepage (X-Diesel)
  
• [HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-bas ([email protected])