Launchpad CVE tracker

CVE 2009-0753

Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.

Related bugs and status

CVE-2009-0753 (Candidate) is related to these bugs:

Bug #340166: MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln

		In	Importance	Status
340166	MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln	mldonkey (Ubuntu)	Critical	Fix Released
340166	MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln	mldonkey (Debian)	Unknown	Fix Released
340166	MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln	mldonkey (Ubuntu Hardy)	Undecided	Fix Released
340166	MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln	mldonkey (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009022...
CONFIRM: http://savannah.nongnu...
SECUNIA: 34008
FEDORA: FEDORA-2009-2703
FEDORA: FEDORA-2009-2758
BID: 33865
SECUNIA: 34306
SECUNIA: 34345
DEBIAN: DSA-1739
GENTOO: GLSA-200903-36
SECUNIA: 34436
EXPLOIT-DB: 8097

Launchpad.net

CVE 2009-0753

Related bugs and status

Related bugs

References