No account yet?
Home » Exploits » MLdonkey HTTP Request Arbitrary File Download Vulnerability
MLdonkey HTTP Request Arbitrary File Download Vulnerability E-mail
Feeds - Exploits
Written by kyak   
Tuesday, 17 March 2009 21:50
MLdonkey HTTP Request Arbitrary File Download Vulnerability


-\\Bugtraq ID:
33865

-\\Class:
Input Validation Error

-\\CVE:
CVE-2009-0753


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Feb 23 2009 12:00AM

-\\Updated:
Mar 17 2009 05:26PM

-\\Credit:
kyak



-\\Vulnerable:
RedHat Fedora 9  0
RedHat Fedora  10
Mldonkey Mldonkey 2.9.7
Mldonkey Mldonkey 2.9
Mldonkey Mldonkey  2.9.0-r3
Debian Linux  5.0 sparc
Debian Linux  5.0 s/390
Debian Linux  5.0 powerpc
Debian Linux  5.0 mipsel
Debian Linux  5.0 mips
Debian Linux  5.0 m68k
Debian Linux  5.0 ia-64
Debian Linux  5.0 ia-32
Debian Linux  5.0 hppa
Debian Linux  5.0 armel
Debian Linux  5.0 arm
Debian Linux  5.0 amd64
Debian Linux  5.0 alpha
Debian Linux  5.0



-\\Discussion
MLdonkey is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.

MLdonkey 2.9.7 is vulnerable; other versions may also be affected.



-\\Exploit(s)/PoC(s):
An attacker can exploit this issue via a browser.

The following example URI is available:

http://example.com:4080//etc/passwd



-\\Solution
Fixes are available; please see the references for more information.


Debian Linux  5.0 hppa
--Debian  mldonkey-gui_2.9.5-2+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_hppa.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_hppa.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_hppa.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_hppa.deb

Debian Linux  5.0 ia-64
--Debian  mldonkey-gui_2.9.5-2+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_ia64.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_ia64.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_ia64.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_ia64.deb

Debian Linux  5.0 arm
--Debian  mldonkey-gui_2.9.5-2+lenny1_arm.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_arm.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_arm.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_arm.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_arm.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_arm.deb

Debian Linux  5.0 armel
--Debian  mldonkey-gui_2.9.5-2+lenny1_armel.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_armel.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_armel.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_armel.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_armel.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_armel.deb

Debian Linux  5.0 alpha
--Debian  mldonkey-gui_2.9.5-2+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_alpha.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_alpha.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_alpha.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_alpha.deb

Debian Linux  5.0 amd64
--Debian  mldonkey-gui_2.9.5-2+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_amd64.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_amd64.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_amd64.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_amd64.deb

Debian Linux  5.0 ia-32
--Debian  mldonkey-gui_2.9.5-2+lenny1_i386.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_i386.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_i386.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_i386.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_i386.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_i386.deb

Debian Linux  5.0 mips
--Debian  mldonkey-gui_2.9.5-2+lenny1_mips.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mips.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mips.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_mips.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mips.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mips.deb

Debian Linux  5.0 s/390
--Debian  mldonkey-gui_2.9.5-2+lenny1_s390.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_s390.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_s390.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_s390.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_s390.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_s390.deb

Debian Linux  5.0 mipsel
--Debian  mldonkey-gui_2.9.5-2+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mipsel.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mipsel.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mipsel.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mipsel.deb

Debian Linux  5.0 powerpc
--Debian  mldonkey-gui_2.9.5-2+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_powerpc.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_powerpc.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_powerpc.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_powerpc.deb

Debian Linux  5.0 sparc
--Debian  mldonkey-gui_2.9.5-2+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_sparc.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_sparc.deb
--Debian  mldonkey-server_2.9.5-2+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_sparc.dehttp://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_sparc.deb



-\\Reference(s)
--bug #25667: Http double slash request arbitrary file access vulnerability
https://savannah.nongnu.org/bugs/?2566  (kyak)
--MLDonkey Homepage
http://www.nongnu.org/mldonkey  (MLDonkey)
 

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff