Your security, networking, programming, and application news source.

Wednesday, August 13, 2008

BitTorrent's .torrent File Buffer Overflow Vulnerability

A critical vulnerability was found in uTorrent and BitTorrent. When processing .torrent files, the torrent clients fail to do proper bounds checking on the 'Created By' field. This allows a maliciously crafted .torrent file to trigger a buffer overflow. From there, arbitrary code execution is a step away.
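The missing check described above, as an added example (not code from uTorrent, BitTorrent or the original post): a C routine that reads the bencoded `created by` string from a .torrent buffer and rejects any value that does not fit the destination. The 64-byte buffer size, the function names and the sample input are assumptions, and the key is located by byte search rather than a full dictionary walk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CREATED_BY_MAX 64   /* assumed destination size, not the clients' real value */

/* Parse bencoded "<len>:<bytes>" at p; set *s/*n to the payload, return position after it. */
static const unsigned char *ben_str(const unsigned char *p, const unsigned char *end,
                                    const unsigned char **s, size_t *n)
{
    size_t len = 0;
    if (p >= end || *p < '0' || *p > '9') return NULL;
    while (p < end && *p >= '0' && *p <= '9') {
        if (len > (SIZE_MAX - 9) / 10) return NULL;    /* length would wrap */
        len = len * 10 + (size_t)(*p++ - '0');
    }
    if (p >= end || *p++ != ':') return NULL;
    if (len > (size_t)(end - p)) return NULL;          /* declared length runs past the file */
    *s = p; *n = len;
    return p + len;
}

/* Returns 0 and fills out on success, -1 if absent or malformed, -2 if too long.
 * Simplification: finds the key by byte search instead of walking the dictionary. */
int get_created_by(const unsigned char *buf, size_t size, char out[CREATED_BY_MAX])
{
    static const char key[] = "10:created by";
    const unsigned char *end = buf + size, *s;
    size_t n, klen = sizeof key - 1;
    for (const unsigned char *p = buf; size >= klen && p <= end - klen; p++) {
        if (memcmp(p, key, klen) != 0) continue;
        if (!ben_str(p + klen, end, &s, &n)) return -1;
        if (n >= CREATED_BY_MAX) return -2;  /* bounds check: an unchecked copy here is the bug class */
        memcpy(out, s, n);
        out[n] = '\0';
        return 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample input, not taken from a real .torrent file. */
    static const unsigned char sample[] = "d10:created by13:uTorrent/1770e";
    char out[CREATED_BY_MAX];
    int rc = get_created_by(sample, sizeof sample - 1, out);
    printf("rc=%d created by=%s\n", rc, rc == 0 ? out : "(rejected)");
    return 0;
}
```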

Confirmed vulnerable versions (previous versions are assumed, but not confirmed, to be vulnerable):

  uTorrent version 1.7.7 (Build 8179)
  BitTorrent versions 6.xx.

TorrentFreak urges users of uTorrent to upgrade to <uTorrent 1.8> and claims there is no upgrade/patch for the mainline BitTorrent client yet, but an update will be available soon.

<TorrentFreak - Critical Vulnerability Discovered in uTorrent> (August 12, 2008)

<Secunia - Security advisory for uTorrent> (August 12, 2008)
<Secunia - Security advisory for BitTorrent> (August 12, 2008)
