
Bug 516822

Summary: <net-p2p/transmission-2.84: peer communication vulnerability (CVE-2014-4909)
Product: Gentoo Security
Reporter: Samuli Suominen (RETIRED) <ssuominen>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description Samuli Suominen (RETIRED) gentoo-dev 2014-07-10 05:00:41 UTC
2.84 is the same as 2.83 but with a security bug fixed:

Transmission 2.84 (2014/07/01)

Fix peer communication vulnerability (no known exploits) reported by Ben Hawkes
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2014-07-10 05:02:37 UTC
Please test and stabilize:

Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2014-07-10 06:05:01 UTC
Tried to find the vulnerability. This looks like it:

 proof-of-concept for tr_bitfieldEnsureNthBitAlloced overflow:

     tr_bitfieldEnsureBitsAlloced (b, nth + 1);
     b->bits[nth >> 3u] |= (0x80 >> (nth & 7u));

   results in a 1-bit out-of-bound write at constant address 0x1fffffff
   affects 32-bit systems only due to int index being cast to size_t nth

   it's also possible to trigger the write relative to an allocated chunk
   by sending a valid response to the first piece request and triggering
   the bug on the second piece request (such that b->bits is allocated)

   submission acts as a seeding peer for the provided torrent file

   by default, transmission clients will use uTP and encryption, which
   submission doesn't support. tested using the following client:

     transmission-2.83/daemon/transmission-daemon -et --no-utp -f -c .


   - hawkes (
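
Added example, not part of the bug thread and not Transmission's code or its 2.84 patch: a model of the arithmetic in the two quoted lines, showing why `nth + 1` sizes the bitfield to zero bytes on a 32-bit build while the write still indexes byte 0x1fffffff, next to a range check made before the conversion. `size32_t`, `bytes_for_bits`, `plan_unchecked`, `index_is_valid` and `piece_count` are hypothetical names chosen for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Models size_t on a 32-bit build so the wrap reproduces on any host. */
typedef uint32_t size32_t;

struct set_bit_plan {
    size32_t alloc_bytes; /* bytes the "ensure allocated" step would request */
    size32_t byte_index;  /* index used by bits[nth >> 3] */
    bool in_bounds;       /* does the write land inside the allocation? */
};

/* Bytes needed to hold bit_count bits (constructed helper). */
static size32_t bytes_for_bits(size32_t bit_count)
{
    return (bit_count >> 3) + ((bit_count & 7u) ? 1u : 0u);
}

/* Unchecked pattern quoted in comment 2: size for nth + 1 bits, then write. */
struct set_bit_plan plan_unchecked(int index)
{
    size32_t nth = (size32_t)index; /* -1 becomes 0xFFFFFFFF */
    struct set_bit_plan p;
    p.alloc_bytes = bytes_for_bits(nth + 1u); /* wraps to 0 bits at the maximum */
    p.byte_index = nth >> 3;
    p.in_bounds = p.byte_index < p.alloc_bytes;
    return p;
}

/* Hypothetical guard: validate the peer-supplied index before any arithmetic. */
bool index_is_valid(int index, size32_t piece_count)
{
    return index >= 0 && (size32_t)index < piece_count;
}
```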
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-07-10 06:08:32 UTC
Arches, please test and mark stable:


Target Keywords : "amd64 ppc ppc64 x86"

Thank you!
Comment 4 Agostino Sarubbo gentoo-dev 2014-07-12 10:55:20 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-07-12 10:55:40 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-08 21:35:57 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-09 10:49:12 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Samuli Suominen (RETIRED) gentoo-dev 2014-08-10 05:17:21 UTC
cleanup done
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2014-08-17 05:50:22 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-25 20:16:17 UTC
GLSA vote: No
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 00:12:23 UTC
CVE-2014-4909 (
  Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in
  bitfield.c in Transmission before 2.84 allows remote attackers to cause a
  denial of service and possibly execute arbitrary code via a crafted peer
  message, which triggers an out-of-bounds write.