Vulnerability Name:

CVE-2007-5714 (CCN-37422)

Assigned:2007-08-18
Published:2007-08-18
Updated:2008-09-05
Summary:The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:W/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:W/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-287
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Gentoo Bugzilla Bug 189412
net-p2p/mldonkey created user "p2p" has a passwordless login

Source: MITRE
Type: CNA
CVE-2007-5714

Source: CCN
Type: SA27366
Gentoo MLDonkey Empty "p2p" Password Security Issue

Source: SECUNIA
Type: UNKNOWN
27366

Source: GENTOO
Type: UNKNOWN
GLSA-200710-25

Source: CCN
Type: GLSA-200710-25
MLDonkey: Privilege escalation

Source: CCN
Type: OSVDB ID: 38627
MLDonkey on Gentoo Linux Default Unpassworded p2p Account

Source: CCN
Type: BID-26202
MLDonkey P2P User Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
mldonkey-p2p-default-password(37422)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gentoo:mldonkey_ebuild:*:r2:*:*:*:*:*:* (Version <= 2.9.0)

    • Configuration CCN 1:
  • cpe:/a:mldonkey:mldonkey:2.9.0-r3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    gentoo mldonkey ebuild * r2
    mldonkey mldonkey 2.9.0-r3
    gentoo linux *