Transmission: Remote code execution

2018-06-20T00:00:00
ID GLSA-201806-07
Type gentoo
Reporter Gentoo Foundation
Modified 2018-06-20T00:00:00

Description

Background

Transmission is a cross-platform BitTorrent client.

Description

A vulnerability was discovered in how Transmission handles access control through the X-Transmission-Session-Id.

Impact

A remote attacker could execute arbitrary RFC commands or consequently conduct a DNS rebinding attack.

Workaround

There is no known workaround at this time.

Resolution

All Transmission users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/transmission-"