CVE-2007-0159

Name of the Vulnerable Software and Affected Versions GeoIP version 1.4.0

Description The issue allows remote malicious update servers to overwrite arbitrary files via a .. (dot dot) in the database filename. This is due to a directory traversal vulnerability in the GeoIP update database general function in libGeoIP/GeoIPUpdate.c. The vulnerability can be exploited when a request is made to app/update getfilename, which returns the database filename.

Recommendations For GeoIP version 1.4.0, as a temporary workaround, consider restricting access to the GeoIP update database general function until a patch is available. Avoid using the update functionality that involves requesting filenames from potentially malicious update servers.