| VID |
22366 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
A version of MiniShare Web server which is older than version 1.4.2 is detected as running on the host. MiniShare is a file sharing program for Microsoft Windows operating systems. MiniShare version 1.4.1 and earlier versions are vulnerable to a buffer overflow vulnerability in the processing of requested URLs. By sending a specially-crafted file name in a the GET request, a remote attacker could cause the affected server to crash or execute arbitrary code on the server.
* Note: This check solely relied on the version number of the remote MiniShare Web server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0208.html
http://securitytracker.com/alerts/2004/Nov/1012106.html
* Platforms Affected:
SourceForge.net, MiniShare version 1.4.1 and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MiniShare (1.4.2 or later), available from the MiniShare Web site at http://minishare.sourceforge.net/ |
| Related URL |
CVE-2004-2271 (CVE) |
| Related URL |
11620 (SecurityFocus) |
| Related URL |
17978 (ISS) |
|
