[Secure-testing-team] Bug#516829: Http double slash request arbitrary file access vulnerability
Giuseppe Iuculano
giuseppe at iuculano.it
Mon Feb 23 21:12:18 UTC 2009
Package: mldonkey-server
Version: 2.9.5-2
Severity: grave
Tags: security
Hi,
MLdonkey (up to 2.9.7) has a vulnerability that allows a remote user to
access any file with the rights of the running MLdonkey daemon by
supplying a specially crafted request (ok, there's not much special
about double slash) to an MLdonkey http GUI (tcp/4080 usually).
Reference:
https://savannah.nongnu.org/bugs/?25667
Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:
http://mlhost:4080//etc/passwd
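The following is an added example, not part of the original report and not MLdonkey's code. It assumes one common way a double-slash request can reach files outside the web root (a handler that strips a single leading slash and joins the remainder onto a document root) and shows a resolver that refuses anything resolving outside that root; the function names and paths are hypothetical.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(docroot, url_path):
    """Assumed buggy pattern: strip ONE leading slash, then join onto docroot."""
    rel = url_path[1:] if url_path.startswith("/") else url_path
    # "//etc/passwd" -> rel "/etc/passwd"; join() discards docroot when the
    # second component is absolute, so the result is the real /etc/passwd.
    return os.path.join(docroot, rel)


def safe_resolve(docroot, url_path):
    """Return a path guaranteed to lie under docroot, or None to refuse."""
    # Decode percent-escapes first, then drop ALL leading slashes.
    rel = unquote(url_path).lstrip("/")
    if "\0" in rel:
        return None
    root = os.path.realpath(docroot)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed, empty document root
    samples = ["/index.html", "//etc/passwd", "/../../etc/passwd",
               "/%2e%2e/etc/passwd"]  # constructed request paths
    for path in samples:
        print(f"{path!r:22} naive={naive_resolve(root, path)!r} "
              f"safe={safe_resolve(root, path)!r}")
```

With the containment check, `//etc/passwd` maps to a non-existent `etc/passwd` under the document root instead of the system file, and traversal forms are refused outright.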