Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 273916 - <net-libs/libtorrent-0.14.4 file overwriting/creation via dot-dot in .torrent file (CVE-2009-1760)
Summary: <net-libs/libtorrent-0.14.4 file overwriting/creation via dot-dot in .torrent...
Status: RESOLVED DUPLICATE of bug 273156
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://sourceforge.net/project/showno...
Whiteboard: B1 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-06-12 20:49 UTC by Stefan Behte (RETIRED)
Modified: 2009-06-13 08:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 20:49:12 UTC
CVE-2009-1760 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1760):
  Directory traversal vulnerability in src/torrent_info.cpp in
  Rasterbar libtorrent before 0.14.4, as used in firetorrent,
  qBittorrent, deluge Torrent, and other applications, allows remote
  attackers to create or overwrite arbitrary files via a .. (dot dot)
  and partial relative pathname in a Multiple File Mode list element in
  a .torrent file.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-06-13 08:40:26 UTC

*** This bug has been marked as a duplicate of bug 273156 ***