ID CVE-2007-1799
Summary Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
References
Vulnerable Configurations
  • cpe:2.3:a:joris_guisson:ktorrent:2.1.1
  • cpe:2.3:a:joris_guisson:ktorrent:2.1.2
CVSS
Base: 6.4 (as of 03-04-2007 - 09:10)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-01 (Ktorrent: Multiple vulnerabilities) Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact : A remote attacker could entice a user to download a specially crafted torrent file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running Ktorrent. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25131
    published 2007-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25131
    title GLSA-200705-01 : Ktorrent: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-436-1.NASL
    description Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28031
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28031
    title Ubuntu 6.06 LTS / 6.10 : ktorrent vulnerabilities (USN-436-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-095.NASL
    description A directory traversal vulnerability was found in KTorrent prior to 2.1.2, due to an incomplete fix for a prior directory traversal vulnerability that was corrected in version 2.1.2. Previously, KTorrent would only check for the string .., which could permit strings such as ../. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37741
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37741
    title Mandrake Linux Security Advisory : ktorrent (MDKSA-2007:095)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KTORRENT-3049.NASL
    description Ktorrent insufficiently validated the target file name. A malicious server could therefore overwrite arbitrary files of the user (CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to crash Ktorrent. (CVE-2007-1385)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29498
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29498
    title SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1373.NASL
    description It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26034
    published 2007-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26034
    title Debian DSA-1373-2 : ktorrent - directory traversal
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-436-2.NASL
    description USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 28032
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28032
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : ktorrent vulnerability (USN-436-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KTORRENT-3057.NASL
    description Ktorrent insufficiently validated the target file name. A malicious server could therefore overwrite arbitrary files of the user (CVE-2007-1384, CVE-2007-1799). Another bug could be exploited to crash Ktorrent (CVE-2007-1385).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27314
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27314
    title openSUSE 10 Security Update : ktorrent (ktorrent-3057)
refmap via4
bid 23745
confirm
debian DSA-1373
gentoo GLSA-200705-01
mandriva MDKSA-2007:095
secunia
  • 24995
  • 25097
  • 26773
suse SUSE-SR:2007:007
ubuntu USN-436-2
xf ktorrent-torrentcpp-directory-traversal(33566)
Last major update 05-11-2012 - 22:36
Published 02-04-2007 - 18:19
Last modified 28-07-2017 - 21:30