

Multiple vulnerabilities in KTorrent (multiple bugs)
Published: March 12, 2007
Source:
SecurityVulns ID: 7390
Type: client
Severity level: 6/10
Description: Directory traversal and DoS conditions.
Affected products: KTORRENT : KTorrent 2.1
CVE: CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.)
 CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.)
 CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.)
 CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod