| Field | Value |
|---|---|
| Summary | net-p2p/ktorrent <2.2.8 web interface plugin vulnerable to PHP injection (CVE-2008-{5905,5906}) |
| Product | Gentoo Security |
| Reporter | eleanor <evangeline.eleanor> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | major |
| CC | deathwing00, juantxorena, kde, kensington, net-p2p |
| Priority | High |
| Version | unspecified |
| Hardware | x86 |
| OS | Linux |
| URL | http://secunia.com/advisories/32442/ |
| Whiteboard | C1 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Attachments | ktorrent-3.1.3-upload.patch, ktorrent-3.1.3-php-injection.patch, ktorrent-2.2.7-upload.patch, ktorrent-2.2.7-php-injection.patch |
Description
eleanor
2008-10-28 11:31:34 UTC
http://secunia.com/advisories/32442/

We have 3.1.4 in the tree, the advisory says only 3.x is vulnerable. Topic and whiteboard should be changed accordingly. Maintainers: Can we remove the vulnerable version 3.1.3? Unfortunately, I don't have edit rights.

Note that the 2.x version of ktorrent is also affected for both issues (file upload, and php command execution). The upload issue can be exploited by unauthorized users to start downloads/seeding for a given torrent. I could not exploit the second issue to execute code when not authorized to the system.

Created attachment 170106 [details]
ktorrent-3.1.3-upload.patch
Upstream 3.1.4 patch for issue (1).
Created attachment 170108 [details]
ktorrent-3.1.3-php-injection.patch
Upstream 3.1.4 patch for issue (2).
Created attachment 170109 [details]
ktorrent-2.2.7-upload.patch
Backported 2.2.7 patch for issue (1).
Created attachment 170111 [details]
ktorrent-2.2.7-php-injection.patch
Backported 2.2.7 patch for issue (2).
FYI, a 2.2.8 version has been released today to fix this problem.

net-p2p, please bump

ping

Ok now you can CC archies so they stable 2.2.8 asap and remove 2.2.7.

Arches, please test and mark stable: =net-p2p/ktorrent-2.2.8
Target keywords: "amd64 ppc ppc64 sparc x86"

amd64/x86 stable

ppc stable

sparc stable

ppc64: *ping*

ppc64 done

Looks like all archies done, so closing. Thanks for cooperation :]

Please don't simply close security bugs. C1, if it proves to be correct, requires a GLSA.

Thank you, Christian.

... and I vote YES. C1 is correct in my view. This is major severity and needs a GLSA.

Request filed.

GLSA 200902-05, sorry for the delay.