Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-200710-25 High: MLDonkey Privilege Escalation

gentoo
Calendar Grey October 24, 2007
Dist Gentoo Esm H88
A crucial Gentoo security notice regarding MLDonkey has been issued, pointing out a privilege escalation vulnerability tied to users with a passwordless shell, requiring urgent action
The Gentoo MLDonkey ebuild adds a user to the system with a valid login shell and no password.

Summary

Gentoo Linux Security Advisory GLSA 200710-25 https://security.gentoo.org/ Severity: High Title: MLDonkey: Privilege escalation Date: October 24, 2007 Bugs: #189412 ID: 200710-25

Synopsis ======= The Gentoo MLDonkey ebuild adds a user to the system with a valid login shell and no password.
Background ========= MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-p2p/mldonkey < 2.9.0-r3 >= 2.9.0-r3
========== The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a us...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory Gentoo high severity privilege escalation remote access MLDonkey

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory Gentoo high severity privilege escalation remote access MLDonkey

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here