aria2 Metalink File Handling Directory Traversal Vulnerability
BID:40142
Info
aria2 Metalink File Handling Directory Traversal Vulnerability
| Bugtraq ID: | 40142 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1512 |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2010 12:00AM |
| Updated: | Apr 13 2015 09:23PM |
| Credit: | Stefan Cornelius |
| Vulnerable: |
Tatsuhiro Tsujikawa aria2 1.9.1 build2 S.u.S.E. openSUSE 11.2 S.u.S.E. openSUSE 11.1 Pardus Linux 2009 0 Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 Mandriva Linux Mandrake 2009.1 x86_64 Mandriva Linux Mandrake 2009.1 Mandriva Linux Mandrake 2009.0 x86_64 Mandriva Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 |
| Not Vulnerable: |
Tatsuhiro Tsujikawa aria2 1.9.3 |
Discussion
aria2 Metalink File Handling Directory Traversal Vulnerability
aria2 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to place files in arbitrary directories within the context of the application. This may allow attackers to compromise an affected system.
aria2 1.9.1 build2 is vulnerable; other versions may also be affected.
aria2 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to place files in arbitrary directories within the context of the application. This may allow attackers to compromise an affected system.
aria2 1.9.1 build2 is vulnerable; other versions may also be affected.
Exploit / POC
aria2 Metalink File Handling Directory Traversal Vulnerability
An attacker can exploit this issue by crafting a malicious metalink file using widely available tools and utilities.
An attacker can exploit this issue by crafting a malicious metalink file using widely available tools and utilities.
Solution / Fix
aria2 Metalink File Handling Directory Traversal Vulnerability
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2010.0 x86_64
Debian Linux 5.0 hppa
Debian Linux 5.0 ia-64
Mandriva Linux Mandrake 2009.1 x86_64
Debian Linux 5.0 arm
Mandriva Linux Mandrake 2009.0
Debian Linux 5.0 armel
MandrakeSoft Enterprise Server 5 x86_64
Debian Linux 5.0 alpha
Debian Linux 5.0 amd64
Mandriva Linux Mandrake 2009.0 x86_64
Debian Linux 5.0 ia-32
Debian Linux 5.0 mips
MandrakeSoft Enterprise Server 5
Debian Linux 5.0 s/390
Debian Linux 5.0 mipsel
Mandriva Linux Mandrake 2009.1
Debian Linux 5.0 powerpc
Mandriva Linux Mandrake 2010.0
Debian Linux 5.0 sparc
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2010.0 x86_64
-
Mandriva aria2-1.6.2-1.4mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 hppa
-
Debian aria2_0.14.0-1+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_hppa.deb
Debian Linux 5.0 ia-64
-
Debian aria2_0.14.0-1+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_ia64.deb
Mandriva Linux Mandrake 2009.1 x86_64
-
Mandriva aria2-1.2.0-0.20090201.5.3mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 arm
-
Debian aria2_0.14.0-1+lenny2_arm.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_arm.deb
Mandriva Linux Mandrake 2009.0
-
Mandriva aria2-0.15.3-0.20080918.3.2mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 armel
-
Debian aria2_0.14.0-1+lenny2_armel.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_armel.deb
MandrakeSoft Enterprise Server 5 x86_64
-
Mandriva aria2-0.15.3-0.20080918.3.2mdvmes5.1.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 alpha
-
Debian aria2_0.14.0-1+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_alpha.deb
Debian Linux 5.0 amd64
-
Debian aria2_0.14.0-1+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_amd64.deb
Mandriva Linux Mandrake 2009.0 x86_64
-
Mandriva aria2-0.15.3-0.20080918.3.2mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 ia-32
-
Debian aria2_0.14.0-1+lenny2_i386.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_i386.deb
Debian Linux 5.0 mips
-
Debian aria2_0.14.0-1+lenny2_mips.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_mips.deb
MandrakeSoft Enterprise Server 5
-
Mandriva aria2-0.15.3-0.20080918.3.2mdvmes5.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 s/390
-
Debian aria2_0.14.0-1+lenny2_s390.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_s390.deb
Debian Linux 5.0 mipsel
-
Debian aria2_0.14.0-1+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_mipsel.deb
Mandriva Linux Mandrake 2009.1
-
Mandriva aria2-1.2.0-0.20090201.5.3mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 powerpc
-
Debian aria2_0.14.0-1+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_powerpc.deb
Mandriva Linux Mandrake 2010.0
-
Mandriva aria2-1.6.2-1.4mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 sparc
-
Debian aria2_0.14.0-1+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny2_sparc.deb
References
aria2 Metalink File Handling Directory Traversal Vulnerability
References:
References:
- aria2 Homepage (Tatsuhiro Tsujikawa)
- aria2 metalink name Directory Traversal Vulnerability (Secunia)