SB2014020203 - Multiple vulnerabilities in CDrummond cantata

Description

This security bulletin contains information about 2 vulnerabilities.

1) Path traversal (CVE-ID: CVE-2013-7300)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-7301)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

Remediation

Install update from vendor's website.

References

• http://seclists.org/oss-sec/2014/q1/121
• http://seclists.org/oss-sec/2014/q1/124
• https://code.google.com/p/cantata/issues/detail?id=356
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90580