Giuseppe Iuculano
2009-Feb-23 21:12 UTC
[Secure-testing-team] Bug#516829: Http double slash request arbitrary file access vulnerability
Package: mldonkey-server
Version: 2.9.5-2
Severity: grave
Tags: security

Hi,

MLdonkey (up to 2.9.7) has a vulnerability that allows a remote user to access any file with the rights of the running MLdonkey daemon by supplying a specially crafted request (ok, there's not much special about double slash) to an MLdonkey HTTP GUI (tcp/4080 usually).

Reference: https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote host with your browser and double slash:

http://mlhost:4080//etc/passwd
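
Added illustration, not part of the original report and not MLdonkey's code (the message does not show the actual handler): one way a double-slash request target can escape a document root, next to a hardened resolver a maintainer could use as a regression check. `DOC_ROOT` and both function names are hypothetical, and the naive pattern is an assumption about this class of bug.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root for a web GUI (assumption, not MLdonkey's path).
DOC_ROOT = "/var/lib/webgui/html"


def naive_resolve(request_target: str, root: str = DOC_ROOT) -> str:
    """Vulnerable pattern: strip ONE leading '/' and join onto the root.

    For '//etc/passwd' one slash survives the strip, and os.path.join()
    discards the root whenever its second argument is absolute.
    """
    path = unquote(request_target.split("?", 1)[0])
    if path.startswith("/"):
        path = path[1:]
    return os.path.join(root, path)


def safe_resolve(request_target: str, root: str = DOC_ROOT) -> Optional[str]:
    """Hardened form: return a path inside root, or None to refuse the request."""
    path = unquote(request_target.split("?", 1)[0])
    if "\x00" in path:
        return None
    # Drop ALL leading slashes so the remainder is always relative.
    relative = path.lstrip("/")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # Containment check after normalisation also rejects '..' and symlink escapes.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request targets, including the one from the report.
    for target in ("/index.html", "//etc/passwd", "/../../etc/passwd"):
        print(f"{target!r:22} naive={naive_resolve(target)!r} "
              f"safe={safe_resolve(target)!r}")
```

With the hardened resolver, the request from the report maps to a path under the document root (and is simply not found) instead of the system file.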