6.8 - GLSA-200902-05

Executive Summary

Summary
Title	KTorrent: Multiple vulnerabilitites

Informations
Name	GLSA-200902-05	First vendor Publication	2009-02-23
Vendor	Gentoo	Last vendor Modification	2009-02-23
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Two vulnerabilities in the web interface plugin in KTorrent allow for remote execution of code and arbitrary torrent uploads.

Background

KTorrent is a BitTorrent program for KDE.

Description

The web interface plugin does not restrict access to the torrent upload functionality (CVE-2008-5905) and does not sanitize request parameters properly (CVE-2008-5906) .

Impact

A remote attacker could send specially crafted parameters to the web interface that would allow for arbitrary torrent uploads and remote code execution with the privileges of the KTorrent process.

Workaround

Disabling the web interface plugin will prevent exploitation of both issues. Click "Plugins" in the configuration menu and uncheck the checkbox left of "WebInterface", then apply the changes.

Resolution

All KTorrent users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/ktorrent-2.2.8"

References

[ 1 ] CVE-2008-5905 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5905
[ 2 ] CVE-2008-5906 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5906

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200902-05.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200902-05.xml

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-264	Permissions, Privileges, and Access Controls
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13673

Oval ID:	oval:org.mitre.oval:def:13673
Title:	USN-711-1 -- ktorrent vulnerabilities
Description:	It was discovered that KTorrent did not properly restrict access when using the web interface plugin. A remote attacker could use a crafted http request and upload arbitrary torrent files to trigger the start of downloads and seeding. It was discovered that KTorrent did not properly handle certain parameters when using the web interface plugin. A remote attacker could use crafted http requests to execute arbitrary PHP code
Family:	unix	Class:	patch
Reference(s):	USN-711-1 CVE-2008-5905 CVE-2008-5906	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.10 Ubuntu 8.04	Product(s):	ktorrent
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND ktorrent DPKG is earlier than 2.2.1-0ubuntu3.1 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section ktorrent DPKG is earlier than 3.1.2+dfsg.1-0ubuntu2.1 AND ktorrent-dbg DPKG is earlier than 3.1.2+dfsg.1-0ubuntu2.1 OR Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND ktorrent DPKG is earlier than 2.2.5-0ubuntu1.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ktorrent cpe:2.3:a:ktorrent:ktorrent:3.1.2:::::::* cpe:2.3:a:ktorrent:ktorrent:3.1.1:::::::* cpe:2.3:a:ktorrent:ktorrent:3.0.2:::::::* cpe:2.3:a:ktorrent:ktorrent:3.0.1:::::::* cpe:2.3:a:ktorrent:ktorrent:3.0.0:::::::* cpe:2.3:a:ktorrent:ktorrent:3.0:beta1:::::: cpe:2.3:a:ktorrent:ktorrent:3.0:rc1:::::: cpe:2.3:a:ktorrent:ktorrent:2.2.8:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.7:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.6:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.5:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.4:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.3:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.2:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2.1:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2:rc1:::::: cpe:2.3:a:ktorrent:ktorrent:2.2:::::::* cpe:2.3:a:ktorrent:ktorrent:2.2:beta1:::::: cpe:2.3:a:ktorrent:ktorrent:2.1.4:::::::* cpe:2.3:a:ktorrent:ktorrent:2.1.3:::::::* cpe:2.3:a:ktorrent:ktorrent:2.1.2:::::::* cpe:2.3:a:ktorrent:ktorrent:2.1.1:::::::* cpe:2.3:a:ktorrent:ktorrent:2.1:beta1:::::: cpe:2.3:a:ktorrent:ktorrent:2.1:rc1:::::: cpe:2.3:a:ktorrent:ktorrent:2.1:::::::* cpe:2.3:a:ktorrent:ktorrent:2.0.3:::::::* cpe:2.3:a:ktorrent:ktorrent:2.0.2:::::::* cpe:2.3:a:ktorrent:ktorrent:2.0.1:::::::* cpe:2.3:a:ktorrent:ktorrent:2.0:rc1:::::: cpe:2.3:a:ktorrent:ktorrent:2.0:beta1:::::: cpe:2.3:a:ktorrent:ktorrent:2.0:::::::* cpe:2.3:a:ktorrent:ktorrent:1.2:rc2:::::: cpe:2.3:a:ktorrent:ktorrent:1.2:rc1:::::: cpe:2.3:a:ktorrent:ktorrent:1.2:::::::* cpe:2.3:a:ktorrent:ktorrent:1.1:::::::* cpe:2.3:a:ktorrent:ktorrent:1.0:::::::* cpe:2.3:a:ktorrent:ktorrent:0.9:::::::*	37

OpenVAS Exploits

Date	Description
2009-03-02	Name : Gentoo Security Advisory GLSA 200902-05 (ktorrent) File : nvt/glsa_200902_05.nasl
2009-02-02	Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl
2009-02-02	Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl
2009-01-22	Name : KTorrent PHP Code Injection And Security Bypass Vulnerability File : nvt/gb_ktorrent_sec_bypass_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
49357	KTorrent Web Interface Plugin Multiple Variable Arbitrary PHP Code Injection
49356	KTorrent Web Interface Plugin Crafted POST Request Arbitrary Torrent File Upload

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-711-1.nasl - Type : ACT_GATHER_INFO
2009-02-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200902-05.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:36:17	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	1
CPE ID(s)	37
osvdb(s)	2
Openvas Exploit(s)	4
Nessus® Exploit(s)	2

	Related
6.8	CVE-2008-5906
4.3	CVE-2008-5905
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

6.8 - GLSA-200902-05

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU