CVE-2009-0753

Name	CVE-2009-0753
Description	Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1739-1
Debian Bugs	516829

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mldonkey (PTS)	jessie	3.1.5-2	fixed
	stretch	3.1.5-3.1	fixed
	buster	3.1.6-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mldonkey	source	etch	(not affected)
mldonkey	source	lenny	2.9.5-2+lenny1		DSA-1739-1
mldonkey	source	(unstable)	3.0.0-1	medium		516829

[etch] - mldonkey <not-affected> (vulnerable code not present)
daemon is run as non-root and can only be exploited via localhost