Peer-To-Peer File Sharing : MLDonkey <= 2.9.7 Arbitrary File Download Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100057

Categoría: Peer-To-Peer File Sharing

Título: MLDonkey <= 2.9.7 Arbitrary File Download Vulnerability - Active Check

Resumen: MLDonkey is prone to a vulnerability that lets attackers; download arbitrary files. The issue occurs because the application fails to sufficiently sanitize; user-supplied input.

Descripción: Summary:
MLDonkey is prone to a vulnerability that lets attackers
download arbitrary files. The issue occurs because the application fails to sufficiently sanitize
user-supplied input.

Vulnerability Impact:
Exploiting this issue will allow an attacker to view arbitrary
files within the context of the application. Information harvested may aid in launching further
attacks.

Affected Software/OS:
MLDonkey version 2.9.7 and probably prior.

Solution:
Fixes are available.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0753
BugTraq ID: 33865
http://www.securityfocus.com/bid/33865
Debian Security Information: DSA-1739 (Google Search)
http://www.debian.org/security/2009/dsa-1739
https://www.exploit-db.com/exploits/8097
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html
http://www.gentoo.org/security/en/glsa/glsa-200903-36.xml
http://www.openwall.com/lists/oss-security/2009/02/23/1
http://secunia.com/advisories/34008
http://secunia.com/advisories/34306
http://secunia.com/advisories/34345
http://secunia.com/advisories/34436

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100057
Categoría:	Peer-To-Peer File Sharing
Título:	MLDonkey <= 2.9.7 Arbitrary File Download Vulnerability - Active Check
Resumen:	MLDonkey is prone to a vulnerability that lets attackers; download arbitrary files. The issue occurs because the application fails to sufficiently sanitize; user-supplied input.
Descripción:	Summary: MLDonkey is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input. Vulnerability Impact: Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. Affected Software/OS: MLDonkey version 2.9.7 and probably prior. Solution: Fixes are available. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0753 BugTraq ID: 33865 http://www.securityfocus.com/bid/33865 Debian Security Information: DSA-1739 (Google Search) http://www.debian.org/security/2009/dsa-1739 https://www.exploit-db.com/exploits/8097 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html http://www.gentoo.org/security/en/glsa/glsa-200903-36.xml http://www.openwall.com/lists/oss-security/2009/02/23/1 http://secunia.com/advisories/34008 http://secunia.com/advisories/34306 http://secunia.com/advisories/34345 http://secunia.com/advisories/34436
Copyright	Copyright (C) 2009 Greenbone AG