Pardus Linux Security Advisory 2008-61 - Some vulnerabilities have been discovered in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions. Versions below 2.2.7-30-4 are affected.
9561f7dade50a79ef90383d23eb5333696780886fc96417a1f90bdc16dc81273
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-61 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-05
Severity: 1
Type: Remote
------------------------------------------------------------------------
Summary
=======
Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.
Description
===========
1) The web interface plugin does not properly restrict access to the
torrent upload functionality. This can be exploited to upload arbitrary
torrent files by sending specially crafted HTTP POST request to the
affected application.
2) The web interface plugin does not properly sanitise request
parameters before passing them to the PHP interpreter. This can be
exploited to inject and execute arbitrary PHP code by passing specially
crafted parameters to the PHP scripts of the web interface.
Successful exploitation of the vulnerabilities requires that the web
interface plugin is enabled (not the default setting).
Affected packages:
Pardus 2008:
ktorrent, all before 2.2.7-30-4
Resolution
==========
There are update(s) for ktorrent. You can update them via Package
Manager or with a single command from console:
pisi up ktorrent
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8566
* http://secunia.com/advisories/32442/
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr