Liferea Feedlist.OPML Local Information Disclosure Vulnerability
BID:26254
Info
Liferea Feedlist.OPML Local Information Disclosure Vulnerability
| Bugtraq ID: | 26254 |
| Class: | Design Error |
| CVE: |
CVE-2007-5751 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 30 2007 12:00AM |
| Updated: | Nov 02 2007 06:06PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
Redhat Fedora Core7 Liferea Liferea 1.4.5 Liferea Liferea 1.4.5b |
| Not Vulnerable: |
Liferea Liferea 1.4.6 |
Discussion
Liferea Feedlist.OPML Local Information Disclosure Vulnerability
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.
Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.
This issue affects versions prior to Liferea 1.4.6.
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.
Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.
This issue affects versions prior to Liferea 1.4.6.
Exploit / POC
Liferea Feedlist.OPML Local Information Disclosure Vulnerability
To exploit this issue, an attacker needs local interactive access to the computer.
To exploit this issue, an attacker needs local interactive access to the computer.
Solution / Fix
Liferea Feedlist.OPML Local Information Disclosure Vulnerability
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Liferea Liferea 1.4.5b
Liferea Liferea 1.4.5
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Liferea Liferea 1.4.5b
-
Liferea Liferea 1.4.6
http://downloads.sourceforge.net/liferea/liferea-1.4.6.tar.gz?modtime= 1193695496&big_mirror=0
Liferea Liferea 1.4.5
References
Liferea Feedlist.OPML Local Information Disclosure Vulnerability
References:
References:
- Liferea 1.4.6. Changelog (Liferea)
- Vendor Homepage (Liferea)