MLdonkey Admin Access

2003-11-05T00:00:00
ID OSVDB:3126
Type osvdb
Reporter OSVDB
Modified 2003-11-05T00:00:00

Description

Vulnerability Description

MLdonkey for Mac OS X, Unix and Linux contains a flaw that may lead to unauthorized information disclosure and access to the administrative interface. The issue is triggered when a specially crafted packet is sent; this allows access to the administrative interface and discloses information, resulting in a loss of confidentiality.

Technical Description

This flaw must be used in conjunction with the cross-site scripting vulnerability to be effective.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

The following will open the admin interface to all IP addresses:

http://127.0.0.1:4080/submit?setoption=q&option=allowed_ips&value=255.255.255.255

References:

Vendor URL: http://mldonkey.org/
Secunia Advisory ID: 10134
Related OSVDB ID: 2769
Nessus Plugin ID: 11125
ISS X-Force ID: 13616