Gentoo FoundationGLSA-200710-25MLDonkey: Privilege escalation
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.3%
Background
MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent.
Description
The Gentoo MLDonkey ebuild adds a user to the system named “p2p” so that the MLDonkey service can run under a user with low privileges. With older Portage versions this user is created with a valid login shell and no password.
Impact
A remote attacker could log into a vulnerable system as the p2p user. This would require an installed login service that permitted empty passwords, such as SSH configured with the “PermitEmptyPasswords yes” option, a local login console, or a telnet server.
Workaround
See Resolution.
Resolution
Change the p2p user’s shell to disallow login. For example, as root run the following command:
# usermod -s /bin/false p2p
NOTE: updating to the current MLDonkey ebuild will not remove this vulnerability, it must be fixed manually. The updated ebuild is to prevent this problem from occurring in the future.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-p2p/mldonkey | < 2.9.0-r3 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.3%