Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 100487

Summary: eMule - Denial of Service and zlib Vulnerabilities
Product: Gentoo Security Reporter: Jimi A. <folajimi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description Jimi A. 2005-07-27 10:24:43 UTC
Two vulnerabilities have been reported in eMule, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.

1) An error in eMule can be exploited to crash the client via a specially
crafted Kad packet.

Successful exploitation requires enabled Kad support.

2) eMule uses a vulnerable version of the zlib library.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Solution:
Update to version 0.46c.

For more information, visit http://secunia.com/advisories/16239/
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2005-07-27 10:33:55 UTC
emule appears to be a windows application, doesnt look like we're affected.