header-logo
Suggest Exploit
vendor:
Newsgrab
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal and Insecure Permissions
22, 732
CWE
Product Name: Newsgrab
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CAN-2005-0153, CAN-2005-0154
CPE: newsgrab
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2005

Newsgrab Multiple Vulnerabilities

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk. A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. Newsgrab is also reported prone to an unspecified insecure permissions vulnerability. A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.

Mitigation:

Ensure that the software is configured to use secure permissions and that directory traversal sequences are properly sanitized before being employed to store files onto disk.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12428/info

Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk.

A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions vulnerability.

A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154. 

A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.