User: Password:
|
|
Subscribe / Log in / New account

ktorrent: incorrect validation

Package(s):ktorrent CVE #(s):CVE-2007-1384 CVE-2007-1385 CVE-2007-1799
Created:March 13, 2007 Updated:October 24, 2007
Description: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1373-2 ktorrent 2007-10-23
Debian DSA-1373-1 ktorrent 2007-09-11
Ubuntu USN-436-2 ktorrent 2007-05-18
Mandriva MDKSA-2007:095 ktorrent 2007-05-01
Gentoo 200705-01 ktorrent 2007-05-01
Slackware SSA:2007-093-02 ktorrent 2007-04-04
Ubuntu USN-436-1 ktorrent 2007-03-12

(Log in to post comments)

ktorrent: incorrect validation

Posted Oct 25, 2007 15:14 UTC (Thu) by epithumia (subscriber, #23370) [Link]

Note that Fedora also fixed this back in April:
https://bugzilla.redhat.com/show_bug.cgi?id=235014


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds