Info

Disclosure

Feb 06, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

MUTE contains an issue that may theoretically lead to an unauthorized information disclosure. The issue is triggered when a MUTE client retrieves all of its random hosts from a single MWebCache. If the MWebCache is operated by a malicious attacker and filled with malicious hosts, this may allow identification of the MUTE client and a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to a version higher than 0.4.1, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The MUTE Project

MUTE

0.4.1

References

Secunia Advisory ID: 18980
CVE ID: 2006-0808 (see also: NVD)
Vendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/mute-net/MUTE/doc/notes/notes.txt?view=markup
Vendor URL: http://mute-net.sourceforge.net/

Credit

Gary Whetstone - ben9users.sourceforge.net - Kommute

Direct URL: http://osvdb.org/23336