In association with heise online

16 March 2009, 14:41

MLDonkey 3.0 closes security hole

The MLDonkey file-sharing program has a security hole that allows access to arbitrary files on a system. The P2P program's web-based management interface, which typically runs on TCP port 4080, does not properly filter requests. This means you can insert a double slash into a query like so

     http://mlhost:4080//etc/passwd

and the server will return the contents of /etc/passwd. The bug is fixed in version 3.0 and affected Linux distributions are already issuing updated packages.
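The following Python sketch is an added illustration of this class of bug and of a containment check that prevents it. It is not MLDonkey's code, and the function names and the temporary document root are assumptions made for the example. Beyond the double-slash case, the hardened resolver also rejects any other request that resolves outside the root.

```python
import os
import tempfile

def resolve_naive(docroot, request_path):
    """Flawed pattern: strip one leading slash, then join onto docroot."""
    rel = request_path[1:] if request_path.startswith("/") else request_path
    # For "//etc/passwd", rel is "/etc/passwd": still absolute, and
    # os.path.join() discards docroot when a later component is absolute.
    return os.path.join(docroot, rel)

def resolve_safe(docroot, request_path):
    """Return the real path under docroot, or None if it would escape."""
    root = os.path.realpath(docroot)
    rel = request_path.lstrip("/")  # drop every leading slash, not just one
    candidate = os.path.realpath(os.path.join(root, rel))
    # Containment check, done after symlinks and dot segments are resolved.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Run both resolvers on the article's request path (constructed docroot)."""
    with tempfile.TemporaryDirectory() as docroot:
        root = os.path.realpath(docroot)
        request = "//etc/passwd"  # path portion of the URL quoted in the article
        naive = resolve_naive(root, request)
        safe = resolve_safe(root, request)
        return {
            "naive_escapes_root": not naive.startswith(root + os.sep),
            "safe_stays_in_root": safe is not None
            and safe.startswith(root + os.sep),
        }

if __name__ == "__main__":
    print(demo())
```

The same check belongs wherever a server maps a request path onto the filesystem: normalize first, then confirm the result is still inside the intended directory.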

(djwm)
