Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 266953 (CVE-2009-1759) - <net-p2p/ctorrent-3.3.2-r1: Stack-based buffer overflow (CVE-2009-1759)
Summary: <net-p2p/ctorrent-3.3.2-r1: Stack-based buffer overflow (CVE-2009-1759)
Status: RESOLVED FIXED
Alias: CVE-2009-1759
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://milw0rm.com/exploits/8470
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-21 08:27 UTC by Alex Legler (RETIRED)
Modified: 2013-11-20 10:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-21 08:27:04 UTC
Quoting Secunia (http://secunia.com/advisories/34752/):

A vulnerability has been discovered in Enhanced CTorrent, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the function "btFiles::BuildFromMI()" in btfiles.cpp and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted torrent file.

The vulnerability is confirmed in version 3.3.2. Other versions may also be affected.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-04-21 08:28:26 UTC
"#Exploit tested on cTorrent 1.3.4 using Debian Sarge using Linux kernel 2.4.27-3-386
#Can't get the exploit working on a modern linux kernel because of ASLR"

We might need to investigate further on that.
Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-05-24 17:08:39 UTC
CVE-2009-1759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1759):
  Stack-based buffer overflow in the btFiles::BuildFromMI function
  (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and
  probably earlier, and CTorrent 1.3.4, allows remote attackers to
  cause a denial of service (crash) and possibly execute arbitrary code
  via a Torrent file containing a long path.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-07-10 10:55:30 UTC
net-p2p, ping
Comment 5 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-08-30 10:53:20 UTC
+*ctorrent-3.3.2-r1 (30 Aug 2010)
+
+  30 Aug 2010; Alex Legler <a3li@gentoo.org> +ctorrent-3.3.2-r1.ebuild,
+  +files/ctorrent-CVE-2009-1759.patch:
+  Non-maintainer commit: Revision bump to fix CVE-2009-1759, bug 266953.
+

Arches, please test and mark stable:
=net-p2p/ctorrent-3.3.2-r1
Target keywords : "amd64 arm ppc s390 sh x86"
Comment 6 Myckel Habets archtester 2010-08-30 19:41:16 UTC
Builds and runs fine on x86. Please mark stable for x86.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-08-31 04:04:31 UTC
x86 stable, thanks Myckel
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 12:35:27 UTC
amd64 done
Comment 9 Joe Jezak (RETIRED) gentoo-dev 2010-09-11 22:04:06 UTC
Marked ppc stable.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2010-09-19 17:54:41 UTC
arm/s390/sh stable
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2010-11-20 23:26:03 UTC
GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-11-20 10:50:12 UTC
This issue was resolved and addressed in
 GLSA 201311-11 at http://security.gentoo.org/glsa/glsa-201311-11.xml
by GLSA coordinator Sergey Popov (pinkbyte).