Gentoo: 202304-21 Critical: MLDonkey Remote Code Execution Vulnerability
gentoo
March 23, 2009
A vulnerability in the MLDonkey web interface allows remote attackers to disclose arbitrary files.
Summary
Gentoo Linux Security Advisory GLSA 200903-36
https://security.gentoo.org/
Severity: Normal
Title: MLDonkey: Information disclosure
Date: March 23, 2009
Bugs: #260072
ID: 200903-36
Synopsis
=======
A vulnerability in the MLDonkey web interface allows remote attackersto disclose arbitrary files.
Background
=========
MLDonkey is a multi-network P2P application written in Ocaml, coming
with its own Gtk GUI, web and telnet interface.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-p2p/mldonkey < 3.0.0 >= 3.0.0
==========
Michael Peselnik reported that src/utils/lib/url.ml in the web
interface of MLDonkey does not handle file names with leading double
sl...
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!