
Pardus Linux Security Advisory 2008.61
Posted Nov 5, 2008
Authored by Pardus Linux, Pardus

Pardus Linux Security Advisory 2008-61 - Some vulnerabilities have been discovered in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions. Versions below 2.2.7-30-4 are affected.

tags | advisory, vulnerability
systems | linux
SHA-256 | 9561f7dade50a79ef90383d23eb5333696780886fc96417a1f90bdc16dc81273

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-61 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-05
Severity: 1
Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.


Description
===========

1) The web interface plugin does not properly restrict access to the
torrent upload functionality. This can be exploited to upload arbitrary
torrent files by sending a specially crafted HTTP POST request to the
affected application.



2) The web interface plugin does not properly sanitise request
parameters before passing them to the PHP interpreter. This can be
exploited to inject and execute arbitrary PHP code by passing specially
crafted parameters to the PHP scripts of the web interface.



Successful exploitation of the vulnerabilities requires that the web
interface plugin is enabled (not the default setting).


Affected packages:

Pardus 2008:
ktorrent, all before 2.2.7-30-4


Resolution
==========

There are update(s) for ktorrent. You can update them via Package
Manager or with a single command from console:

pisi up ktorrent

References
==========

* http://bugs.pardus.org.tr/show_bug.cgi?id=8566
* http://secunia.com/advisories/32442/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr
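
Added example, not part of the advisory and not KTorrent or Pardus code: one way to keep request parameters as data when they are handed to PHP, the class of flaw in item 2 of the Description. It assumes the parameters reach the interpreter by being written into generated PHP source, which the advisory does not state; all function names and limits are hypothetical.

```python
import re

# Assumption: parameter names are plain identifiers; anything else is rejected.
ALLOWED_KEYS = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}")
MAX_VALUE_LEN = 1024  # hypothetical limit


def php_single_quoted(value: str) -> str:
    """Encode value as a PHP single-quoted string literal.

    Inside single quotes PHP treats only \\ and \' as escapes, so escaping
    those two characters (backslash first) keeps the whole value as data.
    """
    if "\x00" in value or len(value) > MAX_VALUE_LEN:
        raise ValueError("rejected parameter value")
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def build_get_array(params: dict) -> str:
    """Return PHP source that assigns the request parameters to $_GET."""
    entries = []
    for key, value in params.items():
        if not ALLOWED_KEYS.fullmatch(key):
            raise ValueError(f"rejected parameter name: {key!r}")
        entries.append(f"{php_single_quoted(key)} => {php_single_quoted(value)}")
    return "$_GET = array(" + ", ".join(entries) + ");"


def literal_is_closed(literal: str) -> bool:
    """Check that the only unescaped quote in the body is the closing one."""
    body, i = literal[1:], 0
    while i < len(body):
        if body[i] == "\\":
            i += 2  # skip the escaped character
        elif body[i] == "'":
            return i == len(body) - 1
        else:
            i += 1
    return False


if __name__ == "__main__":
    # Constructed sample input containing a quote and a trailing backslash.
    sample = {"action": "O'Brien\\"}
    print(build_get_array(sample))
```

Passing the values out of band (environment variables or standard input) instead of generating source removes the need for escaping altogether.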

