Rasterbar libtorrent arbitrary file overwrite vulnerability

2009-06-08 / 2009-06-09
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-22


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Access required: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

'libtorrent' is an open-source C++ bittorrent library by Rasterbar Software that is used in many desktop applications and embedded devices. Popular BitTorrent clients that use this library are 'firetorrent', 'qBittorrent' and 'deluge Torrent'. For a more comprehensive list of libtorrent-based applications, see [1].

I have discovered an 'arbitrary file overwrite' vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) with the effective rights of the user executing the vulnerable libtorrent-based application.

libtorrent (up to and including version 0.14.3) employs an insufficient path sanitization method that allows the formulation of relative paths from the path elements found in .torrent files. Specifically, this applies to .torrent files that describe multiple files (see "Multiple File Mode" [2]). An adversary could use such relative paths, in a specially crafted .torrent file, to replace or create files in vulnerable systems. See [3] for more information regarding the nature of this vulnerability.

The maintainer of libtorrent has been contacted and a new version (0.14.4) of the library that fixes this issue has been released [4],[5]. All affected parties are advised to upgrade to the latest release.

The Common Vulnerabilities and Exposures (CVE) project has assigned the candidate name CVE-2009-1760 to this issue.

Vendor notification date: May 27th, 2009
Vendor acknowledgement date: May 28th, 2009
Vendor bugfix release date: June 1st, 2009
Public disclosure date: June 8th, 2009

With kind regards,
Dimitris Glynos

References:

http://www.rasterbar.com/products/libtorrent/projects.html
http://wiki.theory.org/BitTorrentSpecification#Info_in_Multiple_File_Mode
http://sf.net/project/shownotes.php?group_id=79942&release_id=686456
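The advisory attributes the bug to path elements from a multi-file .torrent being joined into a relative path without sufficient sanitization. The following is an added example, not libtorrent's code and not the 0.14.4 fix: a strict per-element check applied before joining. The names `is_safe_element` and `build_target_path` are hypothetical, '/' is assumed as the separator, and the sample entries are constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// An element is acceptable only if it is a plain name: non-empty, not "."
// or "..", and free of separators, NUL bytes and ':' (the ':' rule is a
// conservative assumption covering Windows drive prefixes).
static bool is_safe_element(const std::string& e) {
    if (e.empty() || e == "." || e == "..") return false;
    for (char c : e)
        if (c == '/' || c == '\\' || c == '\0' || c == ':') return false;
    return true;
}

// Joins save_dir with the "path" elements of one file entry. Returns false
// and leaves `out` untouched if any element could escape save_dir.
bool build_target_path(const std::string& save_dir,
                       const std::vector<std::string>& elements,
                       std::string& out) {
    if (save_dir.empty() || elements.empty()) return false;
    std::string joined = save_dir;
    for (const std::string& e : elements) {
        if (!is_safe_element(e)) return false;
        if (joined.back() != '/') joined += '/';
        joined += e;
    }
    out = joined;
    return true;
}

int main() {
    // Constructed sample entries, not taken from any real .torrent file.
    const std::vector<std::vector<std::string>> entries = {
        {"album", "track01.ogg"},      // ordinary nested file
        {"..", "..", ".profile"},      // relative traversal
        {"album", "../../.profile"},   // separator hidden inside one element
    };
    for (const auto& path : entries) {
        std::string target;
        bool ok = build_target_path("/home/user/downloads", path, target);
        std::cout << (ok ? "accept " + target : std::string("reject entry")) << '\n';
    }
    return 0;
}
```

String-level checks like this do not account for symbolic links that already exist inside the save directory; resolving the final path and confirming it still lies under the save directory covers that case.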



Copyright 2024, cxsecurity.com

 
