| VID | 27325 |
| Severity | 40 |
| Port | 4711 |
| Protocol | TCP |
| Class | P2P |
| Detailed Description |
eMule Web Server has been detected as running on the system. eMule is a peer-to-peer (P2P) file sharing program for the Microsoft Windows operating system, based on the eDonkey P2P protocol and used to share audio, video, and other media files. eMule versions 0.42d and earlier and eMule Plus v.1k and earlier are vulnerable to a stack-based buffer overflow in the DecodeBase16 function, which is called in both the Web server code and the IRC client code. Successful exploitation would immediately produce a denial-of-service condition in the affected process. This vulnerability can also allow a remote attacker to execute code on the affected system within the security context of the user running the vulnerable process.
* Note: This check relies solely on whether the eMule Web Server is running on the remote server.
* References:
  * http://archives.neohapsis.com/archives/bugtraq/2004-04/0008.html
  * http://packetstormsecurity.nl/last100.html
  * http://www.securiteam.com/exploits/5BP0F15CKE.html
  * http://security.nnov.ru/search/news.asp?binid=3572
* Platforms Affected: eMule 0.42a-d; eMule 0.30e; eMulePlus version 1k and prior; Microsoft Windows, any version |
| Recommendation |
If P2P file sharing is not allowed at your organization, uninstall the eMule program.
-- OR --
Upgrade to the latest version of eMule (eMule 0.42g or eMulePlus 1k or later), available from the eMule Download Web site at http://www.emule-project.net/home/perl/general.cgi?l=1&rm=download |
| Related URL | (CVE) |
| Related URL | 10039 (SecurityFocus) |
| Related URL | 15730 (ISS) |