CVE-2007-0159

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-0159

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-0159.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2007-0159

Downstream

DEBIAN-CVE-2007-0159

Published

2007-01-10T00:28:00Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

Directory traversal vulnerability in the GeoIPupdatedatabasegeneral function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/updategetfilename.

References

http://secunia.com/advisories/23880
http://secunia.com/advisories/23906
http://www.mandriva.com/security/advisories?name=MDKSA-2007:004
http://www.ubuntu.com/usn/usn-412-1
http://www.vupen.com/english/advisories/2007/0117
http://www.vupen.com/english/advisories/2007/0118
http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
http://osvdb.org/31618
http://www.securityfocus.com/bid/21959
https://exchange.xforce.ibmcloud.com/vulnerabilities/31383

CVE-2007-0159

Affected packages