MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mldonkey | Mldonkey | * | 2.8.7 (including) |
| Mldonkey | Ubuntu | dapper | * |
| Mldonkey | Ubuntu | devel | * |
| Mldonkey | Ubuntu | edgy | * |
| Mldonkey | Ubuntu | feisty | * |
| Mldonkey | Ubuntu | gutsy | * |
| Mldonkey | Ubuntu | hardy | * |
| Mldonkey | Ubuntu | intrepid | * |
| Mldonkey | Ubuntu | jaunty | * |
| Mldonkey | Ubuntu | karmic | * |
References
- http://osvdb.org/38626
- http://secunia.com/advisories/26230
- http://sourceforge.net/project/shownotes.php?release_id=527976
- http://www.securityfocus.com/bid/25093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35656
- http://osvdb.org/38626
- http://secunia.com/advisories/26230
- http://sourceforge.net/project/shownotes.php?release_id=527976
- http://www.securityfocus.com/bid/25093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35656