Dean Gaudet

**Name of the Vulnerable Software and Affected Versions** GeoIP version 1.4.0 **Description** The issue allows remote malicious update servers to overwrite arbitrary files via a .. (dot dot) in the database filename. This is due to a directory traversal vulnerability in the GeoIP update database general function in libGeoIP/GeoIPUpdate.c. The vulnerability can be exploited when a request is made to app/update getfilename, which returns the database filename. **Recommendations** For GeoIP version 1.4.0, as a temporary workaround, consider restricting access to the GeoIP update database general function until a patch is available. Avoid using the update functionality that involves requesting filenames from potentially malicious update servers.