lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 12 Mar 2007 18:33:01 -0700
From: Kees Cook <>
Subject: [USN-436-1] KTorrent vulnerabilities

Ubuntu Security Notice USN-436-1             March 12, 2007
ktorrent vulnerabilities
CVE-2007-1384, CVE-2007-1385

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ktorrent                                 1.2-0ubuntu5.1

Ubuntu 6.10:
  ktorrent                                 2.0.3+dfsg1-0ubuntu1.1

After a standard system upgrade you need to restart KTorrent to effect 
the necessary changes.

Details follow:

Bryan Burns of Juniper Networks discovered that KTorrent did not 
correctly validate the destination file paths nor the HAVE statements 
sent by torrent peers.  A malicious remote peer could send specially 
crafted messages to overwrite files or execute arbitrary code with user 

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    43785 79df81a2daf88ed095153f8b664f7da4
      Size/MD5:      785 b33cc9609741465d1acfed4c3e86c87e
      Size/MD5:  1447380 55c6c4ae679aea0ba0370058856ddb92

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   799590 1e15c2c9901fe1bd815d3ebebc33c841

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   756604 9d33c77836ca569ac77e5cb1e43727e5

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   790462 59620e287be8fa5f39725c579516d580

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   759414 53bcc7c1baf8bf5a6d2f21fd4677ab34

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   336981 510bbd0ce41892c3f73580c6912e8cca
      Size/MD5:      754 fba0cabd58450420a144ce4aceec77e1
      Size/MD5:  2183661 891f2cc509331a4283f958b068bbcf7d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  1220846 74e7cbb176c3167fd3ebc1262a83fb69

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  1182658 0d40b9c135c6f835da909aee5a7320a5

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  1205360 1748f978c4bd43e805bd64615e5cebee

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:  1159794 8c7988c495afa48bae90fc1d21f49d71

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists