Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-1760 | First vendor Publication | 2009-06-11 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1760 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13566 | |||
| Oval ID: | oval:org.mitre.oval:def:13566 | ||
| Title: | DSA-1815-1 libtorrent-rasterbar -- programming error | ||
| Description: | It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files. The old stable distribution doesn’t include libtorrent-rasterbar. For the stable distribution, this problem has been fixed in version 0.13.1-2+lenny1. For the unstable distribution, this problem has been fixed in version 0.14.4-1. We recommend that you upgrade your libtorrent-rasterbar package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1815-1 CVE-2009-1760 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtorrent-rasterbar |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8046 | |||
| Oval ID: | oval:org.mitre.oval:def:8046 | ||
| Title: | DSA-1815 libtorrent-rasterbar -- programming error | ||
| Description: | It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files. The old stable distribution (etch) doesn't include libtorrent-rasterbar. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1815 CVE-2009-1760 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtorrent-rasterbar |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-14 (rb_libtorrent deluge) File : nvt/glsa_200907_14.nasl |
| 2009-06-30 | Name : Fedora Core 11 FEDORA-2009-6502 (rb_libtorrent) File : nvt/fcore_2009_6502.nasl |
| 2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6547 (rb_libtorrent) File : nvt/fcore_2009_6547.nasl |
| 2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6619 (rb_libtorrent) File : nvt/fcore_2009_6619.nasl |
| 2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6682 (deluge) File : nvt/fcore_2009_6682.nasl |
| 2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6760 (deluge) File : nvt/fcore_2009_6760.nasl |
| 2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar) File : nvt/mdksa_2009_139.nasl |
| 2009-06-30 | Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl |
| 2009-06-23 | Name : Debian Security Advisory DSA 1815-1 (libtorrent-rasterbar) File : nvt/deb_1815_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 55070 | Rasterbar libtorrent src/torrent_info.cpp Multiple File Mode List Element Tra... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-139.nasl - Type : ACT_GATHER_INFO |
| 2009-07-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-14.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6502.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6547.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6619.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6682.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6760.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1815.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:11:06 |
|
| 2024-11-28 12:19:01 |
|
| 2021-05-04 12:09:36 |
|
| 2021-04-22 01:09:57 |
|
| 2020-05-23 01:40:26 |
|
| 2020-05-23 00:23:49 |
|
| 2018-10-11 00:19:36 |
|
| 2017-08-17 09:22:35 |
|
| 2016-04-26 18:50:46 |
|
| 2014-02-17 10:50:11 |
|
| 2013-05-10 23:51:08 |
|
