Full Disclosure: Flaw in eMule 0.49: it exposes the OS user account name when it sends the shared files list

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Flaw in eMule 0.49: it exposes the OS user account name when it sends the shared files list

From: "carl hardwick" <hardwick.carl () gmail com>
Date: Mon, 14 Jul 2008 21:05:50 +0200

eMule 0.49 and previous versions could expose the OS user account name
when it sends the shared files list.
When an user asks for the shared files list of another user, the full
path of folders are sent and they're fully visible into the emule log.
example:
Requesting shared files from 'yohan'
User yohan (1507...) shares directory 'C:\Documents and
Settings\Jean-Denis\My documents\...'

OS user account name Jean-Denis is visible and could be used in further attacks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Flaw in eMule 0.49: it exposes the OS user account name when it sends the shared files list carl hardwick (Jul 14)