In association with heise online

« previous | next »
16 March 2009, 13:41

MLDonkey 3.0 closes security hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The MLDonkey file sharing program has a security hole which allows access to arbitrary files on a system. The P2P program's web based management interface, which typically runs on TCP port 4080, does not properly filter requests. This means you can insert a double slash into a query like so 

     http://mlhost:4080//etc/passwd

and the server will return the contents of /etc/passwd. The bug is fixed in version 3.0 and affected Linux distributions are already issuing updated packages.

See also:

(djwm)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-740577

Also on The H:

The H Open Headlines
    • May's Community Calendar

            Price Insight Top 10 powered by Skinflint

            1. Samsung SSD 840 Pro Series 256GB
            2. Samsung SSD 840 Series 250GB
            3. HTC One 32GB schwarz
            4. Samsung Galaxy S4 i9505 16GB schwarz
            5. Intel Core i5-3570K
            6. Seagate Desktop HDD.15 4000GB
            7. Western Digital Red 3000GB
            8. Samsung SSD 840 Series 120GB
            9. HTC One 32GB silber
            10. Samsung Galaxy S3 i9300 16GB blau

            The H

            The H Open

            The H Security

            The H Developer

            The H Internet Toolkit