ID CVE-2000-0412
Summary The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
References
Vulnerable Configurations
  • cpe:2.3:a:napster:knapster:napster
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability. CVE-2000-0412. Remote exploit for unix platform
id EDB-ID:19905
last seen 2016-02-02
modified 2000-05-13
published 2000-05-13
reporter no_maam
source https://www.exploit-db.com/download/19905/
title John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability
nessus via4
NASL family Peer-To-Peer File Sharing
NASL id GNAPSTER_GET_FILE.NASL
description An insecure Napster clone (e.g. Gnapster or Knapster) is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the files.
last seen 2019-02-21
modified 2018-11-15
plugin id 10408
published 2000-05-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10408
title Gnapster Absolute Path Name Request Arbitrary File Access
refmap via4
bid 1186
bugtraq
  • 20000510 Gnapster Vulnerability Compromises User-readable Files
  • 20000510 KNapster Vulnerability Compromises User-readable Files
freebsd FreeBSD-SA-00:18
xf gnapster-view-files
Last major update 10-09-2008 - 15:04
Published 01-05-1999 - 00:00