Vulnerability Description
Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hauri | Livecall | All versions |
| Hauri | Virobot Advanced Server | All versions |
| Hauri | Virobot Expert | 4.0 |
| Hauri | Virobot Linux Server | 2.0 |
References
- http://secunia.com/advisories/15846PatchVendor Advisory
- http://secunia.com/secunia_research/2005-24/advisoryPatchVendor Advisory
- http://securitytracker.com/id?1014740PatchVendor Advisory
- http://www.globalhauri.com/html/download/down_unixpatch.htmlPatch
- http://www.securityfocus.com/bid/14606
- http://secunia.com/advisories/15846PatchVendor Advisory
- http://secunia.com/secunia_research/2005-24/advisoryPatchVendor Advisory
- http://securitytracker.com/id?1014740PatchVendor Advisory
- http://www.globalhauri.com/html/download/down_unixpatch.htmlPatch
- http://www.securityfocus.com/bid/14606
FAQ
What is CVE-2005-2670?
CVE-2005-2670 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via "....
How severe is CVE-2005-2670?
CVE-2005-2670 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2670?
Check the references section above for vendor advisories and patch information. Affected products include: Hauri Livecall, Hauri Virobot Advanced Server, Hauri Virobot Expert, Hauri Virobot Linux Server.