CVE-2009-0753
EPSS 10.9%mldonkey - information disclosure
Published: 3/3/2009Modified: 3/9/2026
Description
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
Affected packages (2)
- Debian/mldonkeyfrom 0, < 3.0.0-1
- Debian/mldonkeyfrom 0, < 2.9.5-2+lenny1
References (12)
- ADVISORYhttp://secunia.com/advisories/34008
- ADVISORYhttp://secunia.com/advisories/34306
- ADVISORYhttp://secunia.com/advisories/34345
- ADVISORYhttp://secunia.com/advisories/34436
- ADVISORYhttp://www.debian.org/security/2009/dsa-1739
- WEBhttp://savannah.nongnu.org/bugs/?25667
- WEBhttps://www.exploit-db.com/exploits/8097
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html
- WEBhttp://www.gentoo.org/security/en/glsa/glsa-200903-36.xml
- WEBhttp://www.openwall.com/lists/oss-security/2009/02/23/1
- WEBhttp://www.securityfocus.com/bid/33865