Ubuntu: KTorrent vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-436-1             March 12, 2007
ktorrent vulnerabilities
CVE-2007-1384, CVE-2007-1385
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ktorrent                                 1.2-0ubuntu5.1

Ubuntu 6.10:
  ktorrent                                 2.0.3+dfsg1-0ubuntu1.1

After a standard system upgrade you need to restart KTorrent to effect 
the necessary changes.

Details follow:

Bryan Burns of Juniper Networks discovered that KTorrent did not 
correctly validate the destination file paths nor the HAVE statements 
sent by torrent peers.  A malicious remote peer could send specially 
crafted messages to overwrite files or execute arbitrary code with user 
privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1.diff.gz
      Size/MD5:    43785 79df81a2daf88ed095153f8b664f7da4
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1.dsc
      Size/MD5:      785 b33cc9609741465d1acfed4c3e86c87e
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2.orig.tar.gz
      Size/MD5:  1447380 55c6c4ae679aea0ba0370058856ddb92

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_amd64.deb
      Size/MD5:   799590 1e15c2c9901fe1bd815d3ebebc33c841

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_i386.deb
      Size/MD5:   756604 9d33c77836ca569ac77e5cb1e43727e5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_powerpc.deb
      Size/MD5:   790462 59620e287be8fa5f39725c579516d580

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.1_sparc.deb
      Size/MD5:   759414 53bcc7c1baf8bf5a6d2f21fd4677ab34

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1.diff.gz
      Size/MD5:   336981 510bbd0ce41892c3f73580c6912e8cca
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1.dsc
      Size/MD5:      754 fba0cabd58450420a144ce4aceec77e1
    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
      Size/MD5:  2183661 891f2cc509331a4283f958b068bbcf7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_amd64.deb
      Size/MD5:  1220846 74e7cbb176c3167fd3ebc1262a83fb69

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_i386.deb
      Size/MD5:  1182658 0d40b9c135c6f835da909aee5a7320a5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_powerpc.deb
      Size/MD5:  1205360 1748f978c4bd43e805bd64615e5cebee

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.1_sparc.deb
      Size/MD5:  1159794 8c7988c495afa48bae90fc1d21f49d71