exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 436-2

Ubuntu Security Notice 436-2
Posted May 21, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 436-2 - USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, juniper, ubuntu
advisories | CVE-2007-1799
SHA-256 | 9639d94610747e9a97954734b5c101e1362174b07ea0275b2e5704d1ab214c07

Ubuntu Security Notice 436-2

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-436-2 May 18, 2007
ktorrent vulnerability
CVE-2007-1799
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
ktorrent 1.2-0ubuntu5.2

Ubuntu 6.10:
ktorrent 2.0.3+dfsg1-0ubuntu1.2

Ubuntu 7.04:
ktorrent 2.1-0ubuntu2.1

After a standard system upgrade you need to restart KTorrent to effect
the necessary changes.

Details follow:

USN-436-1 fixed a vulnerability in KTorrent. The original fix for path
traversal was incomplete, allowing for alternate vectors of attack.
This update solves the problem.

Original advisory details:

Bryan Burns of Juniper Networks discovered that KTorrent did not
correctly validate the destination file paths nor the HAVE statements
sent by torrent peers. A malicious remote peer could send specially
crafted messages to overwrite files or execute arbitrary code with user
privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2.diff.gz
Size/MD5: 43908 4b55922fe7424a6917521604a1a30bd6
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2.dsc
Size/MD5: 785 f3b9690bf3818c509f96680ebaa7f597
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2.orig.tar.gz
Size/MD5: 1447380 55c6c4ae679aea0ba0370058856ddb92

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2_amd64.deb
Size/MD5: 799786 b1bd2e290ab006d9f3b4fba8b5c89e1f

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2_i386.deb
Size/MD5: 756728 cbd80bdb43896a174336226b5f97cce4

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2_powerpc.deb
Size/MD5: 790630 e89da3850d7ffb80b8512ba7a454ad9f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_1.2-0ubuntu5.2_sparc.deb
Size/MD5: 759562 e47ed41ae1ca4543bd9c642ff2b0eff9

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2.diff.gz
Size/MD5: 337132 a946ad69c0bf0041c27432874e14455d
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2.dsc
Size/MD5: 754 c3d171b3a900e009d0bf01802045c4be
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
Size/MD5: 2183661 891f2cc509331a4283f958b068bbcf7d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2_amd64.deb
Size/MD5: 1221058 9b5c8a651ad77cf6b92216ede3535567

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2_i386.deb
Size/MD5: 1182820 cac90a9294b823590345661faa1e5847

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2_powerpc.deb
Size/MD5: 1205294 7cbfc992145b665864ad260352550e12

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-0ubuntu1.2_sparc.deb
Size/MD5: 1159814 0503cdf19dfa44f0b5acc3b65a69aa71

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1.diff.gz
Size/MD5: 7286 ae881c04eaa732f36ebbf827f24427bf
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1.dsc
Size/MD5: 749 e1bb6d3f0d0b6f8b92079fa27cb8c3d1
http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1.orig.tar.gz
Size/MD5: 3459985 2e3c350fe02b68936a6f8f6460fae8f6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1_amd64.deb
Size/MD5: 2445288 db1df770f52eaad7ac5752c0e82e2473

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1_i386.deb
Size/MD5: 2404202 8cf7a153dac6556701bb54751b5f65a1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1_powerpc.deb
Size/MD5: 2538566 6752811ccc287953e08fa5922fcf8e73

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/k/ktorrent/ktorrent_2.1-0ubuntu2.1_sparc.deb
Size/MD5: 2408286 576d5404aea241223ac804a4c72cf5ae

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close