ID FREEBSD_PKG_73F53712D02811DB8C070211D85F11FB.NASL Type nessus Reporter This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2007-03-12T00:00:00
Description
Two problems have been found in KTorrent :
KTorrent does not properly sanitize file names to filter out '..'
components, so it's possible for an attacker to create a malicious
torrent in order to overwrite arbitrary files within the filesystem.
Messages with invalid chunk indexes aren't rejected.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(24797);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-1384", "CVE-2007-1385");
script_name(english:"FreeBSD : ktorrent -- multiple vulnerabilities (73f53712-d028-11db-8c07-0211d85f11fb)");
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
script_set_attribute(
attribute:"description",
value:
"Two problems have been found in KTorrent :
- KTorrent does not properly sanitize file names to filter out '..'
components, so it's possible for an attacker to create a malicious
torrent in order to overwrite arbitrary files within the filesystem.
- Messages with invalid chunk indexes aren't rejected."
);
# http://ktorrent.org/forum/viewtopic.php?t=1401
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?892359f9"
);
# https://vuxml.freebsd.org/freebsd/73f53712-d028-11db-8c07-0211d85f11fb.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?8b20c77f"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ktorrent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ktorrent-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/09");
script_set_attribute(attribute:"patch_publication_date", value:"2007/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"ktorrent<2.1.2")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ktorrent-devel<20070311")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "FREEBSD_PKG_73F53712D02811DB8C070211D85F11FB.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : ktorrent -- multiple vulnerabilities (73f53712-d028-11db-8c07-0211d85f11fb)", "description": "Two problems have been found in KTorrent :\n\n- KTorrent does not properly sanitize file names to filter out '..'\ncomponents, so it's possible for an attacker to create a malicious\ntorrent in order to overwrite arbitrary files within the filesystem.\n\n- Messages with invalid chunk indexes aren't rejected.", "published": "2007-03-12T00:00:00", "modified": "2007-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/24797", "reporter": "This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?892359f9", "http://www.nessus.org/u?8b20c77f"], "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "type": "nessus", "lastseen": "2021-01-07T10:45:43", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1384", "CVE-2007-1385"]}, {"type": "ubuntu", "idList": ["USN-436-1"]}, {"type": "slackware", "idList": ["SSA-2007-093-02"]}, {"type": "openvas", "idList": ["OPENVAS:58196", "OPENVAS:136141256231058196", "OPENVAS:840186", "OPENVAS:58115", "OPENVAS:58251"]}, {"type": "freebsd", "idList": ["73F53712-D028-11DB-8C07-0211D85F11FB"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200705-01.NASL", "UBUNTU_USN-436-1.NASL", "SUSE_KTORRENT-3049.NASL", "SUSE_KTORRENT-3057.NASL", "SLACKWARE_SSA_2007-093-02.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200705-01"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7390"]}, {"type": "osvdb", "idList": ["OSVDB:33980", "OSVDB:33981"]}], "modified": "2021-01-07T10:45:43", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-01-07T10:45:43", "rev": 2}, "vulnersScore": 5.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24797);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n\n script_name(english:\"FreeBSD : ktorrent -- multiple vulnerabilities (73f53712-d028-11db-8c07-0211d85f11fb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two problems have been found in KTorrent :\n\n- KTorrent does not properly sanitize file names to filter out '..'\ncomponents, so it's possible for an attacker to create a malicious\ntorrent in order to overwrite arbitrary files within the filesystem.\n\n- Messages with invalid chunk indexes aren't rejected.\"\n );\n # http://ktorrent.org/forum/viewtopic.php?t=1401\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892359f9\"\n );\n # https://vuxml.freebsd.org/freebsd/73f53712-d028-11db-8c07-0211d85f11fb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b20c77f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ktorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ktorrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ktorrent<2.1.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ktorrent-devel<20070311\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "24797", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ktorrent-devel", "p-cpe:/a:freebsd:freebsd:ktorrent"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:26:04", "description": "Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via \"..\" sequences in a torrent filename.\nThis vulnerability has been addressed with the following product update:\r\nhttp://ktorrent.org/index.php?page=downloads", "edition": 5, "cvss3": {}, "published": "2007-03-10T18:19:00", "title": "CVE-2007-1384", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1384"], "modified": "2011-03-08T02:52:00", "cpe": ["cpe:/a:joris_guisson:ktorrent:2.1.1"], "id": "CVE-2007-1384", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1384", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joris_guisson:ktorrent:2.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:04", "description": "chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.\nThis vulnerability has been addressed in the following product update:\r\nhttp://ktorrent.org/index.php?page=downloads", "edition": 5, "cvss3": {}, "published": "2007-03-10T18:19:00", "title": "CVE-2007-1385", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1385"], "modified": "2011-03-08T02:52:00", "cpe": ["cpe:/a:joris_guisson:ktorrent:2.1.1"], "id": "CVE-2007-1385", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1385", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joris_guisson:ktorrent:2.1.1:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:22:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "Bryan Burns of Juniper Networks discovered that KTorrent did not \ncorrectly validate the destination file paths nor the HAVE statements \nsent by torrent peers. A malicious remote peer could send specially \ncrafted messages to overwrite files or execute arbitrary code with user \nprivileges.", "edition": 6, "modified": "2007-03-13T00:00:00", "published": "2007-03-13T00:00:00", "id": "USN-436-1", "href": "https://ubuntu.com/security/notices/USN-436-1", "title": "KTorrent vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "New ktorrent packages are available for Slackware 11.0 and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz:\n Upgraded to ktorrent-2.1.3.\n A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may\n allow remote attackers to overwrite the ktorrent user's files. A bug in\n chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash\n ktorrent and cause heap corruption by the use of an invalid idx value.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/extra/ktorrent/ktorrent-2.1.3-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n1917c267334e4b90ab04c58b1f2ff338 ktorrent-2.1.3-i486-1_slack11.0.tgz\n\nSlackware -current package:\n64c4d3bf516aebe96b6591ab75c2aeb9 ktorrent-2.1.3-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ktorrent-2.1.3-i486-1_slack11.0.tgz", "modified": "2007-04-03T23:23:09", "published": "2007-04-03T23:23:09", "id": "SSA-2007-093-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.401332", "type": "slackware", "title": "[slackware-security] ktorrent", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-093-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:58196", "href": "http://plugins.openvas.org/nasl.php?oid=58196", "type": "openvas", "title": "Slackware Advisory SSA:2007-093-02 ktorrent", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_093_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New ktorrent packages are available for Slackware 11.0 and -current to\nfix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-093-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-093-02\";\n \nif(description)\n{\n script_id(58196);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-093-02 ktorrent \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"ktorrent\", ver:\"2.1.3-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-436-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840186", "href": "http://plugins.openvas.org/nasl.php?oid=840186", "type": "openvas", "title": "Ubuntu Update for ktorrent vulnerabilities USN-436-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_436_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ktorrent vulnerabilities USN-436-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bryan Burns of Juniper Networks discovered that KTorrent did not\n correctly validate the destination file paths nor the HAVE statements\n sent by torrent peers. A malicious remote peer could send specially\n crafted messages to overwrite files or execute arbitrary code with user\n privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-436-1\";\ntag_affected = \"ktorrent vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-436-1/\");\n script_id(840186);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"436-1\");\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n script_name( \"Ubuntu Update for ktorrent vulnerabilities USN-436-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ktorrent\", ver:\"1.2-0ubuntu5.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ktorrent\", ver:\"2.0.3+dfsg1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-093-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058196", "type": "openvas", "title": "Slackware Advisory SSA:2007-093-02 ktorrent", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_093_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58196\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-093-02 ktorrent\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK11\\.0\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-093-02\");\n\n script_tag(name:\"insight\", value:\"New ktorrent packages are available for Slackware 11.0 and -current to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-093-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"ktorrent\", ver:\"2.1.3-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58115", "href": "http://plugins.openvas.org/nasl.php?oid=58115", "type": "openvas", "title": "FreeBSD Ports: ktorrent", "sourceData": "#\n#VID 73f53712-d028-11db-8c07-0211d85f11fb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ktorrent\n ktorrent-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://ktorrent.org/forum/viewtopic.php?t=1401\nhttp://www.vuxml.org/freebsd/73f53712-d028-11db-8c07-0211d85f11fb.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58115);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: ktorrent\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ktorrent\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.1.2\")<0) {\n txt += 'Package ktorrent version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ktorrent-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"20070311\")<0) {\n txt += 'Package ktorrent-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-01.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58251", "href": "http://plugins.openvas.org/nasl.php?oid=58251", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200705-01 (ktorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Ktorrent allowing for the\nremote execution of arbitrary code and a Denial of Service.\";\ntag_solution = \"All Ktorrent users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/ktorrent-2.1.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=170303\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200705-01.\";\n\n \n\nif(description)\n{\n script_id(58251);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\", \"CVE-2007-1799\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200705-01 (ktorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-p2p/ktorrent\", unaffected: make_list(\"ge 2.1.3\"), vulnerable: make_list(\"lt 2.1.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "description": "\nTwo problems have been found in KTorrent:\n\nKTorrent does not properly sanitize file names to filter\n\t out \"..\" components, so it's possible for an attacker to create\n\t a malicious torrent in order to overwrite arbitrary files within\n\t the filesystem.\nMessages with invalid chunk indexes aren't rejected.\n\n", "edition": 4, "modified": "2007-03-14T00:00:00", "published": "2007-03-09T00:00:00", "id": "73F53712-D028-11DB-8C07-0211D85F11FB", "href": "https://vuxml.freebsd.org/freebsd/73f53712-d028-11db-8c07-0211d85f11fb.html", "title": "ktorrent -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T09:10:19", "description": "New ktorrent packages are available for Slackware 11.0 and -current\nto fix security issues.", "edition": 24, "published": "2007-04-05T00:00:00", "title": "Slackware 11.0 / current : ktorrent (SSA:2007-093-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385"], "modified": "2007-04-05T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:ktorrent"], "id": "SLACKWARE_SSA_2007-093-02.NASL", "href": "https://www.tenable.com/plugins/nessus/24917", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-093-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24917);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\");\n script_xref(name:\"SSA\", value:\"2007-093-02\");\n\n script_name(english:\"Slackware 11.0 / current : ktorrent (SSA:2007-093-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ktorrent packages are available for Slackware 11.0 and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.401332\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63e25943\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ktorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ktorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"ktorrent\", pkgver:\"2.1.3\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ktorrent\", pkgver:\"2.1.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:13", "description": "The remote host is affected by the vulnerability described in GLSA-200705-01\n(Ktorrent: Multiple vulnerabilities)\n\n Bryan Burns of Juniper Networks discovered a vulnerability in\n chunkcounter.cpp when processing large or negative idx values, and a\n directory traversal vulnerability in torrent.cpp.\n \nImpact :\n\n A remote attacker could entice a user to download a specially crafted\n torrent file, possibly resulting in the remote execution of arbitrary\n code with the privileges of the user running Ktorrent.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-05-02T00:00:00", "title": "GLSA-200705-01 : Ktorrent: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "modified": "2007-05-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ktorrent", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200705-01.NASL", "href": "https://www.tenable.com/plugins/nessus/25131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200705-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25131);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\", \"CVE-2007-1799\");\n script_xref(name:\"GLSA\", value:\"200705-01\");\n\n script_name(english:\"GLSA-200705-01 : Ktorrent: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200705-01\n(Ktorrent: Multiple vulnerabilities)\n\n Bryan Burns of Juniper Networks discovered a vulnerability in\n chunkcounter.cpp when processing large or negative idx values, and a\n directory traversal vulnerability in torrent.cpp.\n \nImpact :\n\n A remote attacker could entice a user to download a specially crafted\n torrent file, possibly resulting in the remote execution of arbitrary\n code with the privileges of the user running Ktorrent.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ktorrent users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/ktorrent-2.1.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ktorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-p2p/ktorrent\", unaffected:make_list(\"ge 2.1.3\"), vulnerable:make_list(\"lt 2.1.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ktorrent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:21", "description": "Ktorrent insufficiently validated the target file name. A malicious\nServer could therefore overwrite arbitary files of the user\n(CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to\ncrash Ktorrent. (CVE-2007-1385)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KTORRENT-3049.NASL", "href": "https://www.tenable.com/plugins/nessus/29498", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29498);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\", \"CVE-2007-1799\");\n\n script_name(english:\"SuSE 10 Security Update : ktorrent (ZYPP Patch Number 3049)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ktorrent insufficiently validated the target file name. A malicious\nServer could therefore overwrite arbitary files of the user\n(CVE-2007-1384 / CVE-2007-1799). Another bug could be exploited to\ncrash Ktorrent. (CVE-2007-1385)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1384.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1799.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3049.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"ktorrent-1.2-20.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:21", "description": "Ktorrent insufficiently validated the target file name. A malicious\nServer could therefore overwrite arbitary files of the user\n(CVE-2007-1384,CVE-2007-1799). Another bug could be exploited to crash\nKtorrent (CVE-2007-1385).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : ktorrent (ktorrent-3057)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:ktorrent", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_KTORRENT-3057.NASL", "href": "https://www.tenable.com/plugins/nessus/27314", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ktorrent-3057.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27314);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\", \"CVE-2007-1799\");\n\n script_name(english:\"openSUSE 10 Security Update : ktorrent (ktorrent-3057)\");\n script_summary(english:\"Check for the ktorrent-3057 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ktorrent insufficiently validated the target file name. A malicious\nServer could therefore overwrite arbitary files of the user\n(CVE-2007-1384,CVE-2007-1799). Another bug could be exploited to crash\nKtorrent (CVE-2007-1385).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ktorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ktorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ktorrent-1.2-20.8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ktorrent-2.0.3-30\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ktorrent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:42:40", "description": "Bryan Burns of Juniper Networks discovered that KTorrent did not\ncorrectly validate the destination file paths nor the HAVE statements\nsent by torrent peers. A malicious remote peer could send specially\ncrafted messages to overwrite files or execute arbitrary code with\nuser privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 : ktorrent vulnerabilities (USN-436-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "modified": "2007-11-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:ktorrent", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-436-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-436-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28031);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1384\", \"CVE-2007-1385\", \"CVE-2007-1799\");\n script_bugtraq_id(22930);\n script_xref(name:\"USN\", value:\"436-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 : ktorrent vulnerabilities (USN-436-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bryan Burns of Juniper Networks discovered that KTorrent did not\ncorrectly validate the destination file paths nor the HAVE statements\nsent by torrent peers. A malicious remote peer could send specially\ncrafted messages to overwrite files or execute arbitrary code with\nuser privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/436-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ktorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ktorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ktorrent\", pkgver:\"1.2-0ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"ktorrent\", pkgver:\"2.0.3+dfsg1-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ktorrent\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799"], "edition": 1, "description": "### Background\n\nKtorrent is a Bittorrent client for KDE. \n\n### Description\n\nBryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. \n\n### Impact\n\nA remote attacker could entice a user to download a specially crafted torrent file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running Ktorrent. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Ktorrent users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-p2p/ktorrent-2.1.3\"", "modified": "2007-05-01T00:00:00", "published": "2007-05-01T00:00:00", "id": "GLSA-200705-01", "href": "https://security.gentoo.org/glsa/200705-01", "type": "gentoo", "title": "Ktorrent: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-1384", "CVE-2007-1385", "CVE-2007-1799", "CVE-2007-1388"], "description": "Directory traversal with torrent files and DoS conditions.", "edition": 1, "modified": "2007-03-12T00:00:00", "published": "2007-03-12T00:00:00", "id": "SECURITYVULNS:VULN:7390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7390", "title": "Ktorrent multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1385"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://ktorrent.org/forum/viewtopic.php?t=1401\nVendor Specific News/Changelog Entry: https://launchpad.net/bugs/91174\n[Secunia Advisory ID:25097](https://secuniaresearch.flexerasoftware.com/advisories/25097/)\n[Secunia Advisory ID:24995](https://secuniaresearch.flexerasoftware.com/advisories/24995/)\n[Secunia Advisory ID:24459](https://secuniaresearch.flexerasoftware.com/advisories/24459/)\n[Secunia Advisory ID:24486](https://secuniaresearch.flexerasoftware.com/advisories/24486/)\n[Secunia Advisory ID:24753](https://secuniaresearch.flexerasoftware.com/advisories/24753/)\n[Related OSVDB ID: 33981](https://vulners.com/osvdb/OSVDB:33981)\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.401332\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-01.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-436-1\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_007_suse.html\nMail List Post: http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2\nFrSIRT Advisory: ADV-2007-0913\n[CVE-2007-1385](https://vulners.com/cve/CVE-2007-1385)\nBugtraq ID: 22930\n", "edition": 1, "modified": "2007-03-09T10:48:55", "published": "2007-03-09T10:48:55", "href": "https://vulners.com/osvdb/OSVDB:33980", "id": "OSVDB:33980", "title": "KTorrent chunkcounter.cpp Malformed idx Value DoS", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1384", "CVE-2007-1799"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://ktorrent.org/forum/viewtopic.php?t=1401\nVendor Specific News/Changelog Entry: https://bugs.gentoo.org/show_bug.cgi?id=170303\nVendor Specific News/Changelog Entry: https://launchpad.net/bugs/91174\nVendor Specific News/Changelog Entry: http://bugs.kde.org/show_bug.cgi?id=143637\n[Secunia Advisory ID:25097](https://secuniaresearch.flexerasoftware.com/advisories/25097/)\n[Secunia Advisory ID:24995](https://secuniaresearch.flexerasoftware.com/advisories/24995/)\n[Secunia Advisory ID:26773](https://secuniaresearch.flexerasoftware.com/advisories/26773/)\n[Secunia Advisory ID:24486](https://secuniaresearch.flexerasoftware.com/advisories/24486/)\n[Secunia Advisory ID:24459](https://secuniaresearch.flexerasoftware.com/advisories/24459/)\n[Secunia Advisory ID:24753](https://secuniaresearch.flexerasoftware.com/advisories/24753/)\n[Related OSVDB ID: 33980](https://vulners.com/osvdb/OSVDB:33980)\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00138.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.401332\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-01.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-436-1\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_007_suse.html\nMail List Post: http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2\nFrSIRT Advisory: ADV-2007-0913\n[CVE-2007-1384](https://vulners.com/cve/CVE-2007-1384)\n[CVE-2007-1799](https://vulners.com/cve/CVE-2007-1799)\nBugtraq ID: 22930\n", "edition": 1, "modified": "2007-03-09T10:48:55", "published": "2007-03-09T10:48:55", "href": "https://vulners.com/osvdb/OSVDB:33981", "id": "OSVDB:33981", "title": "KTorrent torrent.cpp Torrent Filename Traversal Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}