Bug 20379 - MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure vulnerability
: MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure vulnerability
Status: CLOSED FIXED
: Branch 4.1
(All bugs in Branch 4.1/mldonkey-server)
: unspecified
: all Linux
: P3 critical
Assigned To:
:
:
:
:
:
  Show dependency tree
 
Reported: 2009-06-09 11:43 by
Modified: 2009-06-24 13:48 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-06-09 11:43:10
MLdonkey (up to 2.9.7) has  a  vulnerability  that allows remote user to access
any
file   with   rights   of  running  Mldonkey  daemon  by  supplying  a
special-crafted  request  (ok,  there's  not much special about double
slash) to an Mldonkey http GUI (tcp/4080 usually).

Reference:
https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:

http://mlhost:4080//etc/passwd

# milw0rm.com [2009-02-23]
------- Comment #1 From 2009-06-09 18:28:12 -------
Mldonkey 3.0.0 c cайта разработчика легко пересобирается со старым spec файлом,
по крайней мере на X86_64
------- Comment #2 From 2009-06-23 22:10:54 -------
*** Bug 20380 has been marked as a duplicate of this bug. ***
------- Comment #3 From 2009-06-24 13:48:05 -------
mldonkey-3.0.0-alt1 -> sisyphus:

* Wed Jun 24 2009 gray_graff <gray_graff@altlinux> 3.0.0-alt1

- 3.0.0 (closes: 18503, 20379, 20380)