Directory Traversal Vulnerability in GNUMP3D by GNU
CVE-2005-3123

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnump3d
Vendor: CVE Published:; 30 October 2005

Summary

A directory traversal vulnerability in GNUMP3D prior to version 2.9.6 enables remote attackers to read arbitrary files by exploiting crafted sequences in the URL. This vulnerability occurs when certain patterns, such as '/.//..//////././', are processed, allowing attackers to bypass directory restrictions and gain unauthorized access to sensitive files.

References

http://www.novell.com/linux/security/advisories/2005_28_s...

vendor-advisoryx_refsource_SUSE

http://www.osvdb.org/20360

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/127

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Oct 30, 2005
Vulnerability Reserved
Oct 3, 2005