LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: KTorrent vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-436-1             March 12, 2007
ktorrent vulnerabilities
CVE-2007-1384, CVE-2007-1385
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ktorrent                                 1.2-0ubuntu5.1

Ubuntu 6.10:
  ktorrent                                 2.0.3+dfsg1-0ubuntu1.1

After a standard system upgrade you need to restart KTorrent to effect 
the necessary changes.

Details follow:

Bryan Burns of Juniper Networks discovered that KTorrent did not 
correctly validate the destination file paths nor the HAVE statements 
sent by torrent peers.  A malicious remote peer could send specially 
crafted messages to overwrite files or execute arbitrary code with user 
privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1.diff.gz
      Size/MD5:    43785 79df81a2daf88ed095153f8b664f7da4
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1.dsc
      Size/MD5:      785 b33cc9609741465d1acfed4c3e86c87e
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2.orig.tar.gz
      Size/MD5:  1447380 55c6c4ae679aea0ba0370058856ddb92

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_amd64.deb
      Size/MD5:   799590 1e15c2c9901fe1bd815d3ebebc33c841

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_i386.deb
      Size/MD5:   756604 9d33c77836ca569ac77e5cb1e43727e5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_powerpc.deb
      Size/MD5:   790462 59620e287be8fa5f39725c579516d580

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_sparc.deb
      Size/MD5:   759414 53bcc7c1baf8bf5a6d2f21fd4677ab34

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1.diff.gz
      Size/MD5:   336981 510bbd0ce41892c3f73580c6912e8cca
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1.dsc
      Size/MD5:      754 fba0cabd58450420a144ce4aceec77e1
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
      Size/MD5:  2183661 891f2cc509331a4283f958b068bbcf7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_amd64.deb
      Size/MD5:  1220846 74e7cbb176c3167fd3ebc1262a83fb69

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_i386.deb
      Size/MD5:  1182658 0d40b9c135c6f835da909aee5a7320a5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_powerpc.deb
      Size/MD5:  1205360 1748f978c4bd43e805bd64615e5cebee

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_sparc.deb
      Size/MD5:  1159794 8c7988c495afa48bae90fc1d21f49d71


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DARPA-derived secure microkernel goes open source tomorrow
Hacker Gary McKinnon turns into a search expert
Hackers seed Amazon cloud with potent denial-of-service bots
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.