ID CVE-2007-1385
Summary chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
References
Vulnerable Configurations
  • cpe:2.3:a:joris_guisson:ktorrent:2.1.1
CVSS
Base: 7.5 (as of 13-03-2007 - 08:30)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-093-02.NASL
    description New ktorrent packages are available for Slackware 11.0 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24917
    published 2007-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24917
    title Slackware 11.0 / current : ktorrent (SSA:2007-093-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-01 (Ktorrent: Multiple vulnerabilities) Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact : A remote attacker could entice a user to download a specially crafted torrent file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running Ktorrent. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25131
    published 2007-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25131
    title GLSA-200705-01 : Ktorrent: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-436-1.NASL
    description Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28031
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28031
    title Ubuntu 6.06 LTS / 6.10 : ktorrent vulnerabilities (USN-436-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_73F53712D02811DB8C070211D85F11FB.NASL
    description Two problems have been found in KTorrent : - KTorrent does not properly sanitize file names to filter out '..' components, so it's possible for an attacker to create a malicious torrent in order to overwrite arbitrary files within the filesystem. - Messages with invalid chunk indexes aren't rejected.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24797
    published 2007-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24797
    title FreeBSD : ktorrent -- multiple vulnerabilities (73f53712-d028-11db-8c07-0211d85f11fb)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KTORRENT-3049.NASL
    description Ktorrent insufficiently validated the target file name. A malicious Server could therefore overwrite arbitrary files of the user (CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to crash Ktorrent. (CVE-2007-1385)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29498
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29498
    title SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KTORRENT-3057.NASL
    description Ktorrent insufficiently validated the target file name. A malicious Server could therefore overwrite arbitrary files of the user (CVE-2007-1384,CVE-2007-1799). Another bug could be exploited to crash Ktorrent (CVE-2007-1385).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27314
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27314
    title openSUSE 10 Security Update : ktorrent (ktorrent-3057)
refmap via4
bid 22930
confirm
gentoo GLSA-200705-01
mlist [kde-announce] 20070309 KTorrent 2.1.2 is out
sectrack 1017747
secunia
  • 24459
  • 24486
  • 24753
  • 24995
  • 25097
slackware SSA:2007-093-02
suse SUSE-SR:2007:007
ubuntu USN-436-1
vupen ADV-2007-0913
Last major update 07-03-2011 - 21:52
Published 10-03-2007 - 13:19