100487 – eMule - Denial of Service and zlib Vulnerabilities

Bug 100487 - eMule - Denial of Service and zlib Vulnerabilities

Summary: eMule - Denial of Service and zlib Vulnerabilities

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-27 10:24 UTC by Jimi A.
Modified:	2005-07-27 10:33 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jimi A. 2005-07-27 10:24:43 UTC

Two vulnerabilities have been reported in eMule, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.

1) An error in eMule can be exploited to crash the client via a specially
crafted Kad packet.

Successful exploitation requires enabled Kad support.

2) eMule uses a vulnerable version of the zlib library.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Solution:
Update to version 0.46c.

For more information, visit http://secunia.com/advisories/16239/

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2005-07-27 10:33:55 UTC

emule appears to be a windows application, doesnt look like we're affected.