KTorrent Bugs Let Remote Users Overwrite Files and Deny Service
|
|
SecurityTracker Alert ID: 1017747
|
|
SecurityTracker URL: http://securitytracker.com/id?1017747
|
|
CVE Reference: CVE-2007-1384
, CVE-2007-1385
(Links to External Site)
|
Date: Mar 13 2007
|
Impact: Denial of service via network, Modification of user information
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 2.1.2
|
Description: A vulnerability was reported in KTorrent. A remote user can cause denial of service conditions. A remote user can overwrite files on the target system.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted torrent filename containing
'..' directory traversal characters to overwrite files on target system. The flaw resides in 'torrent.cpp'.
A remote user can
send a specially crafted idx value to trigger a flaw in 'chunkcounter.cpp' and cause the target service to crash.
Bryan Burns
of Juniper Networks discovered these vulnerabilities.
|
Impact: A remote user can cause denial of service conditions.
A remote user can overwrite files on the target system.
|
Solution: The vendor has issued a fixed version (2.1.2), available at:
http://ktorrent.org/index.php?page=downloads
|
Vendor URL: ktorrent.org/forum/viewtopic.php?t=1401 (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Mar 2007 00:25:29 -0500
Subject: KTorrent
|
Ubuntu wrote in USN-436-1:
Bryan Burns of Juniper Networks discovered that KTorrent did not=20
correctly validate the destination file paths nor the HAVE statements=20
sent by torrent peers. A malicious remote peer could send specially=20
crafted messages to overwrite files or execute arbitrary code with user=20
privileges.
CVE-2007-1384
CVE-2007-1385
|
|
