Gentoo: 200909-06 Normal: aMule Parameter Injection Attack
gentoo
September 9, 2009
An input validation error in aMule enables remote attackers to pass arbitrary parameters to a victim's media player.
Summary
Gentoo Linux Security Advisory GLSA 200909-06
https://security.gentoo.org/
Severity: Normal
Title: aMule: Parameter injection
Date: September 09, 2009
Bugs: #268163
ID: 200909-06
Synopsis
=======
An input validation error in aMule enables remote attackers to pass
arbitrary parameters to a victim's media player.
Background
=========
aMule is an eMule-like client for the eD2k and Kademlia networks,
supporting multiple platforms.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-p2p/amule < 2.2.5 >= 2.2.5
==========
Sam Hocevar discovered that the aMule preview function does not
properly sanitize file names.
Impact
=====
A remote attacker could entice...
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Warning: Undefined array key "advisory_info" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/69932_4c9dbbdde36eef04251a4ced7eac4df9 on line 11
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!