Date: Wed Jan 18 22:06:28 2006
From: vulnmonitor at fortinet.com (Fortinet Research)
Subject: Fortinet Advisory: BitComet URI Buffer Overflow Vulnerability

Fortinet Security Advisory: FSA-2006-07

BitComet URI Buffer Overflow Vulnerability

Advisory Date     : January 18, 2006
Reported Date     : November 29, 2005
Vendor            : BitComet
Affected Products : BitComet v0.60
Severity          : High
Reference         : http://www.bitcomet.com/doc/download.htm

Description : Fortinet Security Research Team (FSRT) has discovered a URI buffer overflow vulnerability in the BitComet P2P client software. It indicates a possible exploit of a buffer overflow vulnerability in BitComet. BitComet is one of the most popular P2P clients for file sharing and uses the BitTorrent protocol. There is a bug in BitComet: a remote attacker could construct a special .torrent file and put it on any BT publishing web site. When a user downloads the .torrent file and clicks on the publisher's name, BitComet will crash. An attacker can run arbitrary commands on the victim's host with a specially crafted .torrent file.

Impact : Execute arbitrary code

Solution : BitComet has released an update for this vulnerability, which is available for download from BitComet's web site.

Fortinet Protection : FortiGate series of security systems have been updated to detect exploits targeting this vulnerability.

Acknowledgment : Dejun Meng of the Fortinet Security Research Team found this vulnerability.

Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.
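
Added example, not part of the Fortinet advisory or BitComet's code: a Python check that parses a .torrent (bencode) file and reports over-long string fields whose key name contains "publisher" or "url", the kind of field the description above implicates. The key-name substrings, the 512-byte limit and the sample torrent are assumptions constructed for illustration; the advisory names neither the field nor a length.

```python
MAX_LEN = 512                    # assumed policy limit; the advisory gives no length
SUSPECT = ("publisher", "url")   # assumed key-name substrings; not named in the advisory

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":                # running off the end raises below
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        keys, vals = items[0::2], items[1::2]
        if len(keys) != len(vals) or not all(isinstance(k, bytes) for k in keys):
            raise ValueError("malformed dictionary")
        return dict(zip(keys, vals)), i + 1
    if c.isdigit():                                 # string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):                         # declared length lies about the data
            raise ValueError("declared string length exceeds input")
        return data[colon + 1:end], end
    raise ValueError("invalid bencode at offset %d" % i)

def find_long_fields(torrent, limit=MAX_LEN):
    """Return sorted [(key_path, length)] for suspect string fields longer than limit."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, path + (k.decode("latin-1"),))
        elif isinstance(node, list):
            for v in node:
                walk(v, path)                       # list items inherit the parent key
        elif isinstance(node, bytes) and path and len(node) > limit:
            if any(s in path[-1].lower() for s in SUSPECT):
                hits.append(("/".join(path), len(node)))
    walk(bdecode(torrent)[0], ())
    return sorted(hits)

def benc(s):
    return b"%d:%s" % (len(s), s)                   # helper to build the sample only

# Constructed sample input, not a real torrent.
LONG_URL = b"http://publisher.example/" + b"A" * 2000
SAMPLE = (b"d" + benc(b"announce") + benc(b"http://tracker.example/announce")
          + benc(b"info") + b"d" + benc(b"name") + benc(b"file.bin")
          + benc(b"publisher-url") + benc(LONG_URL) + b"ee")
```

Treat any exception from `bdecode` (including `RecursionError` on deeply nested input) as a reason to reject the file rather than pass it to the client.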