Home / vulnerabilities DDIVRT-2008-17.txt
Posted on 07 November 2008
Source : packetstormsecurity.org Link
Title
-----
DDIVRT-2008-17 Orb Directory Traversal
Severity
--------
High
Date Discovered
---------------
October, 21st 2008
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$
Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to directory traversal
attacks. Users can leverage specially crafted GET requests to read
arbitrary files.
Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb
server.
This issue is fixed in version 2.01.0022 available at
http://www.orb.com/download/us/setup_2.01.0022.exe
<http://www.orb.com/download/us/setup_2.01.0022.exe>
Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on
Windows XP Pro SP2
Vendor Contact
--------------
Orb Networks
Website: http://www.orb.com
