Title
-----
DDIVRT-2008-17 Orb Directory Traversal

Severity
--------
High

Date Discovered
---------------
October, 21st 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$

Vulnerability Description
-------------------------
Orb Networks' Orb media server is vulnerable to directory traversal attacks.
Users can leverage specially crafted GET requests to read arbitrary files.

Solution Description
--------------------
Use firewall rules to restrict access to authorized users of the Orb server.
This issue is fixed in version 2.01.0022 available at
http://www.orb.com/download/us/setup_2.01.0022.exe

Tested Systems / Software (with versions)
------------------------------------------
Orb version 2.01.0017 on Windows XP Pro SP2
Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2

Vendor Contact
--------------
Orb Networks
Website: http://www.orb.com