Dragonfly P2P File Distribution Directory Permission Vulnerability

Vulnerability

A directory permission vulnerability exists in Dragonfly versions prior to 2.1.0. The issue arises because the application uses the os.MkdirAll function to create directory paths with specific permissions. This function does not check permissions on existing directories, allowing a local attacker to preemptively create directories with broad permissions. Consequently, the attacker could manipulate files within these directories before Dragonfly does, potentially interfering with the application's operations.
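
The behaviour described above, together with one way to check for it, as an added example that is not Dragonfly's code or its fix. EnsurePrivateDir is a hypothetical helper, the temporary directory is constructed for the demonstration, and the owner check assumes a Unix-like system.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// EnsurePrivateDir creates path like os.MkdirAll, then rejects a leaf that already
// existed as a symlink, with broader permissions, or under another owner.
// Hypothetical helper for illustration (not a Dragonfly function).
func EnsurePrivateDir(path string, perm os.FileMode) error {
	if err := os.MkdirAll(path, perm); err != nil {
		return err
	}
	info, err := os.Lstat(path) // Lstat so a symlink at path is not followed
	if err != nil {
		return err
	}
	if !info.IsDir() {
		return fmt.Errorf("%s: not a real directory", path)
	}
	if mode := info.Mode().Perm(); mode&^perm != 0 {
		return fmt.Errorf("%s: existing mode %04o is broader than %04o", path, mode, perm)
	}
	// Owner check assumes a Unix-like system where Sys() returns *syscall.Stat_t.
	if st, ok := info.Sys().(*syscall.Stat_t); ok && int(st.Uid) != os.Geteuid() {
		return fmt.Errorf("%s: owned by uid %d, not the current user", path, st.Uid)
	}
	return nil
}

func main() {
	base, err := os.MkdirTemp("", "mkdirall-demo") // constructed scenario
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "cache")
	if err := os.Mkdir(dir, 0o700); err != nil {
		panic(err)
	}
	if err := os.Chmod(dir, 0o777); err != nil { // stands in for a pre-created directory
		panic(err)
	}
	fmt.Println("os.MkdirAll:", os.MkdirAll(dir, 0o700)) // <nil>: existing mode is not checked
	fmt.Println("EnsurePrivateDir:", EnsurePrivateDir(dir, 0o700))
}
```

The helper inspects only the final path component; parent directories under a shared location need the same check.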

Impact

Exploitation allows a local attacker to create directories with 0777 permissions, enabling them to delete and modify files within those directories. This manipulation can alter the outcomes of commands executed by the user.

Remediation

Users are advised to upgrade to Dragonfly version 2.1.0 or later.

Added: Sep 17, 2025, 8:22 PM
Updated: Sep 17, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.