CVE-2007-1385 - Unspecified vulnerability in Joris Guisson Ktorrent
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

joris-guisson
nessus
Summary
chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_KTORRENT-3049.NASL
- description: Ktorrent insufficiently validated the target file name. A malicious Server could therefore overwrite arbitrary files of the user (CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to crash Ktorrent. (CVE-2007-1385)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 29498
- published: 2007-12-13
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/29498
- title: SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(29498);
  script_version ("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:30");

  script_cve_id("CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799");

  script_name(english:"SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Ktorrent insufficiently validated the target file name. A malicious Server could therefore overwrite arbitary files of the user (CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to crash Ktorrent.
(CVE-2007-1385)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-1384.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-1385.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-1799.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3049.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

# Bail out unless local checks are enabled on a SuSE host with a package list.
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

# Flag the host if the installed ktorrent package is older than the fixed build.
flag = 0;
if (rpm_check(release:"SLED10", sp:0, reference:"ktorrent-1.2-20.8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2007-093-02.NASL
- description: New ktorrent packages are available for Slackware 11.0 and -current to fix security issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24917
- published: 2007-04-05
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24917
- title: Slackware 11.0 / current : ktorrent (SSA:2007-093-02)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-436-1.NASL
- description: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 28031
- published: 2007-11-10
- reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/28031
- title: Ubuntu 6.06 LTS / 6.10 : ktorrent vulnerabilities (USN-436-1)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_KTORRENT-3057.NASL
- description: Ktorrent insufficiently validated the target file name. A malicious Server could therefore overwrite arbitrary files of the user (CVE-2007-1384,CVE-2007-1799). Another bug could be exploited to crash Ktorrent (CVE-2007-1385).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27314
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27314
- title: openSUSE 10 Security Update : ktorrent (ktorrent-3057)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_73F53712D02811DB8C070211D85F11FB.NASL
- description: Two problems have been found in KTorrent : - KTorrent does not properly sanitize file names to filter out
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24797
- published: 2007-03-12
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/24797
- title: FreeBSD : ktorrent -- multiple vulnerabilities (73f53712-d028-11db-8c07-0211d85f11fb)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200705-01.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200705-01 (Ktorrent: Multiple vulnerabilities). Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Impact : A remote attacker could entice a user to download a specially crafted torrent file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running Ktorrent. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25131
- published: 2007-05-02
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25131
- title: GLSA-200705-01 : Ktorrent: Multiple vulnerabilities
References
- http://ktorrent.org/forum/viewtopic.php?t=1401
- http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2
- http://secunia.com/advisories/24459
- http://secunia.com/advisories/24486
- http://secunia.com/advisories/24753
- http://secunia.com/advisories/24995
- http://secunia.com/advisories/25097
- http://security.gentoo.org/glsa/glsa-200705-01.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.401332
- http://www.novell.com/linux/security/advisories/2007_007_suse.html
- http://www.securityfocus.com/bid/22930
- http://www.securitytracker.com/id?1017747
- http://www.ubuntu.com/usn/usn-436-1
- http://www.vupen.com/english/advisories/2007/0913
- https://launchpad.net/bugs/91174