Quoting Secunia (http://secunia.com/advisories/34752/): A vulnerability has been discovered in Enhanced CTorrent, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the function "btFiles::BuildFromMI()" in btfiles.cpp and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted torrent file. The vulnerability is confirmed in version 3.3.2. Other versions may also be affected.
"#Exploit tested on cTorrent 1.3.4 using Debian Sarge using Linux kernel 2.4.27-3-386 #Can't get the exploit working on a modern linux kernel because of ASLR" We might need to investigate further on that.
patch: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
CVE-2009-1759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1759): Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
net-p2p, ping
+*ctorrent-3.3.2-r1 (30 Aug 2010) + + 30 Aug 2010; Alex Legler <a3li@gentoo.org> +ctorrent-3.3.2-r1.ebuild, + +files/ctorrent-CVE-2009-1759.patch: + Non-maintainer commit: Revision bump to fix CVE-2009-1759, bug 266953. + Arches, please test and mark stable: =net-p2p/ctorrent-3.3.2-r1 Target keywords : "amd64 arm ppc s390 sh x86"
Builds and runs fine on x86. Please mark stable for x86.
x86 stable, thanks Myckel
amd64 done
Marked ppc stable.
arm/s390/sh stable
GLSA request filed.
This issue was resolved and addressed in GLSA 201311-11 at http://security.gentoo.org/glsa/glsa-201311-11.xml by GLSA coordinator Sergey Popov (pinkbyte).
