
CVE-2007-1799

Status Candidate

Overview

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.

Related Files

Debian Linux Security Advisory 1373-2
Posted Oct 23, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1373-2 - It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files. This updated advisory correctly increases the version number of the fixed package such that it is installable upon the etch release of Debian.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2007-1799
SHA-256 | b890c45ffa798379b6863690886a4152c13c2a309ce80b97c902b3f6e092d5c2

Debian Linux Security Advisory 1373-1
Posted Sep 11, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1373-1 - It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2007-1799
SHA-256 | a960c7e4c34ac3e3c21cf9a30e5705e5bebfffa7196b540161fbd20a223ff098

Ubuntu Security Notice 436-2
Posted May 21, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 436-2 - USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, juniper, ubuntu
advisories | CVE-2007-1799
SHA-256 | 9639d94610747e9a97954734b5c101e1362174b07ea0275b2e5704d1ab214c07

Mandriva Linux Security Advisory 2007.095
Posted May 3, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A directory traversal vulnerability was found in KTorrent prior to 2.1.2, due to an incomplete fix for a prior directory traversal vulnerability that was corrected in version 2.1.2. Previously, KTorrent would only check for the string "..", which could permit strings such as "../".

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-1799
SHA-256 | 95e6acfad66c7d3960aa609df736b5c6c92cfe0c12dae9aefc472859674d3a16

Gentoo Linux Security Advisory 200705-1
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-01 - Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Versions less than 2.1.3 are affected.

tags | advisory
systems | linux, gentoo, juniper
advisories | CVE-2007-1384, CVE-2007-1385, CVE-2007-1799
SHA-256 | b57efc215d1526e13a88dad0980b79388b365f50a3326ebe8a381ad5c7ef0948