GLSA-200710-25 : MLDonkey: Privilege escalation
Medium Nessus Plugin ID 27557
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200710-25 (MLDonkey: Privilege escalation)
The Gentoo MLDonkey ebuild adds a user to the system named 'p2p' so that the MLDonkey service can run under a user with low privileges.
With older Portage versions this user is created with a valid login shell and no password.
A remote attacker could log into a vulnerable system as the p2p user.
This would require an installed login service that permitted empty passwords, such as SSH configured with the 'PermitEmptyPasswords yes' option, a local login console, or a telnet server.
SolutionChange the p2p user's shell to disallow login. For example, as root run the following command:
# usermod -s /bin/false p2p NOTE: updating to the current MLDonkey ebuild will not remove this vulnerability, it must be fixed manually. The updated ebuild is to prevent this problem from occurring in the future.