Suggest A Fix PC Support Forums > Vulnerability in Gnut Gnutella

Full Version: Vulnerability in Gnut Gnutella

Suggest A Fix PC Support Forums > Security > Security News and Warnings

115-997562313

Sep 9 2001, 05:54 AM

- Vulnerability in Gnut Gnutella -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, 6 September 2001 - SecurityFocus have reported about a problem
found in Gnut Gnutella, which allows attackers to run arbitrary codes on
users' systems.

This vulnerability is located in the Gnut web interface, which returns
the results of queries in HTML format, without filtering the code a web
page could contain. This makes it possible for an attacker to insert
script code as a part of the file name and the user would execute it
locally when he receives this information as part of its query.

Gnut versions affected by this problem include versions 0.4.20 through
0.4.26. To solve this problem, users must update this program,
downloading version 0.4.27, available at
http://www.gnutelliums.com/linux_unix/gnut/tars/gnut-0.4.27.tar.gz

(*)Gnut is a free-distribution utility for Windows and Linux which works
as a client for Gnutella. Gnutella is a network which allows users to
convert their systems in servers in order to search and share files
between them.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.