Previously Discovered & Fixed Security Issues.

Sadly several security issues have been discovered in various versions of this program. To ensure that your installation is secure it is highly recommended that you restrict access to your server from non-trusted clients.

Only allowing trusted clients to communicate with your server has protected against all reported bugs except one.

Malicious Password File Download

This issue allowed remote users to download your .password file. Fixed the day it was reported, and the only issue which wasn't prevented by securing your archive.

by Daniel Lyons <fusion@nmt.edu> [Notifed 3/02/2003 - Fixed 3/02/2003]

Directory traversal attacks

There have been several distinct directory traversal attacks attacks reported against the server.

  • Two relating to the use of input requests.
  • One relating to the processing of CGI parameters, or cookie values.
Insecure Use of Temporary Files

The final vulnerability involved the insecure use of files in the /tmp directory, when indexing music. [CVE-2005-3349]