The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.Referenceshttp://security.gentoo.org/glsa/glsa-200710-25.xmlhttp://secunia.com/advisories/27366
