GuppY dwnld.php file deletion

guppy-dwnld-file-deletion (25141)

Medium Risk

Description:

GuppY could allow a remote attacker to delete arbitrary files. If magic_quotes_gpc is disabled, a remote attacker could send a specially-crafted URL request to the dwnld.php script directory containing "%2E dot" sequences (%2E./), which would allow the attacker to view arbitrary files located on the vulnerable system with privileges of the Web server process. It is also possible to append a NULL byte character (%00) to the targeted file name and delete or corrupt known files that are chmod 666.

Platforms Affected:

• FreeGuppy, GuppY 4.5.11 and prior

Remedy:

Upgrade to the latest version of GuppY (4.5.12 or later), available from the GuppY Web site. See References.

Consequences:

File Manipulation

References:

• BugTraq Mailing List, 2006-03-10 16:32:20, GuppY <= 4.5.11 Remote DoS vulnerability at http://marc.theaimsgroup.com/?l=bugtraq&m=114201738124992&w=2.
• GuppY Web site, GuppY at http://www.freeguppy.org/?lng=en.
• BID-17068: GuppY Dwnld.PHP Remote Directory Traversal Vulnerability
• CVE-2006-1224: Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a %2E. (mixed encoding) in the pg parameter.
• OSVDB ID: 23846: GuppY dwnld.php pg Variable Arbitrary File Overwrite
• OSVDB ID: 23993: GuppY Crafted Traversal Filter Bypass
• SA19222: GuppY "pg" Arbitrary File Overwrite Vulnerability
• SECTRACK ID: 1015753: GuppY Input Validation Flaw in `error.php` Lets Remote Users Execute Arbitrary Code
• VUPEN/ADV-2006-0936: GuppY pg Parameter Handling Remote Arbitrary File Overwrite Vulnerability

Reported:

Mar 10, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page