CVE-2007-0159

{"id": "CVE-2007-0159", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-10T00:28:00.000", "references": [{"url": "http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/31618", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23880", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23906", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:004", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21959", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-412-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0117", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0118", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31383", "source": "cve@mitre.org"}, {"url": "http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/31618", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23880", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23906", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:004", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21959", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-412-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0117", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0118", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31383", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename."}, {"lang": "es", "value": "Vulnerabilidad de escalado de directorio en la funci\u00f3n GeoIP_update_database_general en libGeoIP/GeoIPUpdate.c del GeoIP 1.4.0 permite a servidores de actualizaci\u00f3n remotos maliciosos (posiblemente s\u00f3lo update.maxmind.com) sobrescribir ficheros de su elecci\u00f3n mediante la inserci\u00f3n de .. (punto punto) en el nombre de fichero de la Base de Datos, que es recuperado mediante una petici\u00f3n a app/update_getfilename."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:geoip:geoip:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91B9A4F5-841D-4ADF-AAB7-F7A9D75A38AE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}