Debian Security Advisory
DSA-1739-1 mldonkey -- path traversal
- Date Reported:
- 13 Mar 2009
- Affected Packages:
- mldonkey
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 516829.
In Mitre's CVE dictionary: CVE-2009-0753. - More information:
-
It has been discovered that mldonkey, a client for several P2P networks, allows attackers to download arbitrary files using crafted requests to the HTTP console.
The old stable distribution (etch) is not affected by this problem.
For the stable distribution (lenny), this problem has been fixed in version 2.9.5-2+lenny1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your mldonkey packages.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5-2+lenny1.dsc
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5-2+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.