Signature Detail

P2P: LimeWire Directory Transversal

This signature detects an attempt to exploit a known vulnerability affecting the LimeWire application. A successful attack can cause a LimeWire client to disclose the content of any file on the host system.

Extended Description

Multiple remote unauthorized access vulnerabilities affect Lime Wire. These issues are due to the application failing to securely service malicious requests. Two issues have been reported; both issues are due to a failure of the application to ensure that file requests for files outside of the application's shared directory are denied. An attacker may leverage these issues to gain access to potentially sensitive files with the permissions of the unsuspecting user that activated the affected application.

Affected Products

• Lime Wire LLC Lime Wire 3.9.10
• Lime Wire LLC Lime Wire 3.9.11
• Lime Wire LLC Lime Wire 3.9.12
• Lime Wire LLC Lime Wire 3.9.6
• Lime Wire LLC Lime Wire 3.9.7
• Lime Wire LLC Lime Wire 3.9.8
• Lime Wire LLC Lime Wire 3.9.9
• Lime Wire LLC Lime Wire 4.0.0
• Lime Wire LLC Lime Wire 4.1.0
• Lime Wire LLC Lime Wire 4.1.1
• Lime Wire LLC Lime Wire 4.1.10
• Lime Wire LLC Lime Wire 4.1.2
• Lime Wire LLC Lime Wire 4.1.3
• Lime Wire LLC Lime Wire 4.1.4
• Lime Wire LLC Lime Wire 4.1.5
• Lime Wire LLC Lime Wire 4.1.7
• Lime Wire LLC Lime Wire 4.1.8
• Lime Wire LLC Lime Wire 4.1.9
• Lime Wire LLC Lime Wire 4.2.0
• Lime Wire LLC Lime Wire 4.2.1
• Lime Wire LLC Lime Wire 4.2.2
• Lime Wire LLC Lime Wire 4.2.3
• Lime Wire LLC Lime Wire 4.2.4
• Lime Wire LLC Lime Wire 4.2.5
• Lime Wire LLC Lime Wire 4.2.6
• Lime Wire LLC Lime Wire 4.3.0
• Lime Wire LLC Lime Wire 4.3.1
• Lime Wire LLC Lime Wire 4.3.2
• Lime Wire LLC Lime Wire 4.3.3
• Lime Wire LLC Lime Wire 4.4.0
• Lime Wire LLC Lime Wire 4.4.1
• Lime Wire LLC Lime Wire 4.4.2
• Lime Wire LLC Lime Wire 4.4.3
• Lime Wire LLC Lime Wire 4.4.4
• Lime Wire LLC Lime Wire 4.4.5
• Lime Wire LLC Lime Wire 4.6.0

References

• CVE: CVE-2005-0789