MUTE P2P mWebCache security bypass

mute-mwebcache-security-bypass (24931). The risk level is classified as Medium Risk.

Description:

MUTE P2P could allow a remote attacker to bypass security restrictions. By adding malicious nodes to the mWebCache, a remote attacker could cause a denial of service or obtain sensitive information.


Consequences:

Bypass Security

Remedy:

No remedy available as of February 6, 2010.

References:

  • MUTE Web site: MUTE: Simple, Anonymous File Sharing.
  • CVE-2005-4726: MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain.
  • CVE-2006-0808: MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious zombie nodes.
  • OSVDB ID: 23335: MUTE P2P DROP_CHAIN Information Disclosure
  • OSVDB ID: 23336: MUTE P2P MWebCache Host Selection Information Disclosure
  • SA18980: MUTE P2P File Sharing Host Selection Weakness

Platforms Affected:

  • MUTE MUTE 0.4.1

Reported:

Feb 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
