Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nodezilla | Ali_bousahid | 0.4.0_corno_fulgure (including) | 0.4.0_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.1_corno_fulgure (including) | 0.4.1_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.2_corno_fulgure (including) | 0.4.2_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.3_corno_fulgure (including) | 0.4.3_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.4_corno_fulgure (including) | 0.4.4_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.5_corno_fulgure (including) | 0.4.5_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.6_corno_fulgure (including) | 0.4.6_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.7_corno_fulgure (including) | 0.4.7_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.8_corno_fulgure (including) | 0.4.8_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.9_corno_fulgure (including) | 0.4.9_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.10_corno_fulgure (including) | 0.4.10_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.11_corno_fulgure (including) | 0.4.11_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.12_corno_fulgure (including) | 0.4.12_corno_fulgure (including) |
| Nodezilla | Ali_bousahid | 0.4.13_corno_fulgure (including) | 0.4.13_corno_fulgure (including) |
References
- http://secunia.com/advisories/17867
- http://www.nodezilla.net/history.txt
- http://www.securityfocus.com/bid/15704
- http://www.vupen.com/english/advisories/2005/2731
- http://secunia.com/advisories/17867
- http://www.nodezilla.net/history.txt
- http://www.securityfocus.com/bid/15704
- http://www.vupen.com/english/advisories/2005/2731