BitTorrent 6.0.1 and uTorrent 1.7.6 unspecified crash in the webui

2009-09-06 / 2009-09-07
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

##########

Luigi Auriemma

Applications: BitTorrent and uTorrent
              http://www.bittorrent.com
              http://www.utorrent.com
Versions:     BitTorrent <= 6.0.1 (build 7859)
              uTorrent <= 1.7.6 (build 7859)
              uTorrent <= 1.8-alpha-7928
Platforms:    Windows confirmed; Mac and Linux (both available only on
              BitTorrent) have not been tested
Bug:          unspecified crash in the webui
Exploitation: remote
Date:         27 Jan 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

##########

1) Introduction
2) Bug
3) The Code
4) Fix

##########

===============
1) Introduction
===============

BitTorrent and uTorrent are the most used clients for the bittorrent
protocol and are both built on the same code base, derived from uTorrent.

##########

======
2) Bug
======

Both uTorrent and BitTorrent can be administered remotely through a very
nice web interface called webui.

There is a problem with the handling of the Range header received in the
browser's HTTP request, which can be exploited to crash the remote
uTorrent/BitTorrent client if the webui interface is in use.

It is enough for an attacker to send some consecutive HTTP requests
using a Range header which increases each time.
After about 40 connections the client crashes due to an access to the
end of the available memory.

##########

===========
3) The Code
===========

http://aluigi.org/poc/ruttorrent2.zip

##########

======
4) Fix
======

uTorrent 1.7.7 build 8179

##########
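
Detection sketch for the request pattern described in section 2, added here as an example (it is not part of the original advisory or of either client's code). It assumes a reverse proxy in front of the webui that logs the Range header in the constructed line format shown in the comments; the alert threshold of 10 is also an assumption.

```python
import re
from collections import defaultdict

# Constructed log format (assumption): <client_ip> <method> <path> range="<Range header>"
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) range="(?P<range>[^"]*)"$')
# First byte-range-spec of a standard "bytes=first-last" header (suffix ranges are ignored).
RANGE_RE = re.compile(r'^bytes=(\d+)-(\d*)')

# Assumed threshold: well below the "about 40" requests the advisory reports.
RUN_THRESHOLD = 10


def first_offset(header):
    """Return the first-byte offset of a Range header, or None if absent or unparseable."""
    m = RANGE_RE.match(header.strip())
    return int(m.group(1)) if m else None


def find_increasing_range_runs(lines, threshold=RUN_THRESHOLD):
    """Return {client_ip: longest_run} for clients whose consecutive requests
    carried strictly increasing Range offsets at least `threshold` times in a row."""
    last = {}                # ip -> offset of the previous request (None if it had no Range)
    run = defaultdict(int)   # ip -> length of the current increasing run
    best = defaultdict(int)  # ip -> longest run seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        ip, off = m.group("ip"), first_offset(m.group("range"))
        if off is None:
            run[ip] = 0                      # a request without Range breaks the run
        elif last.get(ip) is not None and off > last[ip]:
            run[ip] += 1                     # offset grew again
        else:
            run[ip] = 1                      # first ranged request, or offset did not grow
        last[ip] = off
        best[ip] = max(best[ip], run[ip])
    return {ip: n for ip, n in best.items() if n >= threshold}


def sample_log():
    """Constructed sample: one client stepping the offset up, one ordinary resumed download."""
    stepping = [f'198.51.100.7 GET / range="bytes={i * 4096}-"' for i in range(1, 13)]
    normal = ['192.0.2.10 GET / range="bytes=0-1023"',
              '192.0.2.10 GET / range=""',
              '192.0.2.10 GET / range="bytes=1024-2047"']
    return stepping + normal


if __name__ == "__main__":
    print(find_increasing_range_runs(sample_log()))
```
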

References:

http://www.vupen.com/english/advisories/2008/0327
http://www.vupen.com/english/advisories/2008/0326
http://secunia.com/advisories/28695
http://secunia.com/advisories/28686
http://osvdb.org/42826
http://osvdb.org/42825
http://aluigi.altervista.org/adv/ruttorrent2-adv.txt


Copyright 2024, cxsecurity.com

 
