Bug#516829: Http double slash request arbitrary file access vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#516829: Http double slash request arbitrary file access vulnerability
From: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Mon, 23 Feb 2009 22:12:18 +0100
Message-id: <[🔎] 20090223211218.3524.62152.reportbug@localhost>
Reply-to: Giuseppe Iuculano <giuseppe@iuculano.it>, 516829@bugs.debian.org

Package: mldonkey-server
Version: 2.9.5-2
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,

MLdonkey (up to 2.9.7) has  a  vulnerability  that allows remote user to
access any
file   with   rights   of  running  Mldonkey  daemon  by  supplying  a
special-crafted  request  (ok,  there's  not much special about double
slash) to an Mldonkey http GUI (tcp/4080 usually).

Reference:
https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:

http://mlhost:4080//etc/passwd




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmjETEACgkQNxpp46476arOowCfdUi6Nmhi0vagcdOb06ya/RRA
RWsAn1THtf88DUbVAL6dunEq4MeLJjWn
=elDe
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Automatic generation of list of Uploaders in control files
Next by Date: perl4caml_0.9.5-1_amd64.changes ACCEPTED
Previous by thread: Processing of perl4caml_0.9.5-1_amd64.changes
Next by thread: Bug#516829: Http double slash request arbitrary file access vulnerability
Index(es):
- Date
- Thread