Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 283819 (CVE-2008-7166) - net-p2p/bittorrent: Web interface DoS (CVE-2008-7166)
Summary: net-p2p/bittorrent: Web interface DoS (CVE-2008-7166)
Status: RESOLVED OBSOLETE
Alias: CVE-2008-7166
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28695/2/
Whiteboard: B3 [noglsa]
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2009-09-06 09:38 UTC by Alex Legler (RETIRED)
Modified: 2016-02-29 13:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-06 09:38:39 UTC
CVE-2008-7166 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7166):
  Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859)
  and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote
  attackers to cause a denial of service (memory consumption and crash)
  via a crafted Range header.  NOTE: this is probably a different
  vulnerability than CVE-2008-0071 and CVE-2008-0364.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-06 09:39:37 UTC
Filed as UNCO as it up to date only the Windows version has been proven vulnerable. No patch available atm.
Comment 2 Ryan Hill (RETIRED) gentoo-dev 2011-03-16 02:43:35 UTC
We don't even have this version in the tree.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-04-27 12:49:52 UTC
The original advisory says:
Versions:     BitTorrent <= 6.0.1 (build 7859)
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 02:23:39 UTC
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7166 says that 4.4.0 is affected. @maintainers: I think it's necessary to bump to >6.0.1, no patch/workaround seems to be available. Still unclear whether this is windows-only.
Comment 5 Pacho Ramos gentoo-dev 2015-12-31 12:07:30 UTC
removed from the tree
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-02-22 10:40:11 UTC
net-p2p/bittorrent removed from tree months ago per previous comment
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2016-02-29 13:52:23 UTC
closing as package is no longer in tree