A critical vulnerability was found in uTorrent and BitTorrent. The torrent clients' processing of .torrent files fails to perform proper bounds checking on the 'Created By' field. This allows a maliciously crafted .torrent file to trigger a buffer overflow, from which arbitrary code execution is a step away.
Confirmed vulnerable versions (previous versions are assumed, but not confirmed, to be vulnerable):
uTorrent version 1.7.7 (Build 8179)
BitTorrent versions 6.xx.
TorrentFreak urges users of uTorrent to upgrade to <uTorrent 1.8> and claims there is no upgrade/patch for the mainline BitTorrent client yet, but an update will be available soon.
<TorrentFreak - Critical Vulnerability Discovered in uTorrent> (August 12, 2008)
<Secunia - Security advisory for uTorrent> (August 12, 2008)
<Secunia - Security advisory for BitTorrent> (August 12, 2008)
Wednesday, August 13, 2008
BitTorrent's .torrent File Buffer Overflow Vulnerability