ID OPENVAS:64307 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2017-07-10T00:00:00
Description
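The remote host is missing an update to deluge
announced via advisory FEDORA-2009-6682. The update backports a fix for CVE-2009-1760, a directory traversal in the bundled copy of libtorrent.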
# OpenVAS Vulnerability Test
# $Id: fcore_2009_6682.nasl 6624 2017-07-10 06:11:55Z cfischer $
# Description: Auto-generated from advisory FEDORA-2009-6682 (deluge)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Advisory text shown to the operator as the "insight" tag (registered further
# down with script_tag). It is quoted from the Fedora advisory: the fix is a
# backported patch for CVE-2009-1760 in the copy of libtorrent bundled with deluge.
# NOTE(review): the ChangeLog line reads "0.9.5.3" (and "to to") while the build
# named above it and in the rpm check is 0.5.9.3-2 -- presumably a transposition
# in the quoted advisory. It is a runtime string, so it is left as quoted.
tag_insight = "Update Information:
This release adds a backported upstream patch to fix a directory traversal
vulnerability in the included copy of libtorrent which would allow a remote
attacker to create or overwrite arbitrary files via a .. (dot dot) and partial
relative pathname in a specially-crafted torrent.
ChangeLog:
* Thu Jun 18 2009 Peter Gordon - 0.5.9.3-2
- Revert CVS files to to 0.9.5.3
- Add backported patch for the included copy of rb_libtorrent to fix
CVE-2009-1760 (#505523):
+ 0.5.9.3-CVE-2009-1760.diff";
# Remediation text shown as the "solution" tag: install the vendor package update.
# NOTE(review): this targets Fedora Core 9, a release long past end of life; a host
# that still matches is likely missing far more than this one update -- confirm
# the platform's support status before treating the package update as sufficient.
tag_solution = "Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update deluge' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6682";
# One-line finding summary shown as the "summary" tag.
tag_summary = "The remote host is missing an update to deluge
announced via advisory FEDORA-2009-6682.";
# Metadata registration. When the scanner loads the plugin with `description`
# set, only this branch runs: it records the plugin's identity and tags and
# leaves through exit(0) before any check against the target is made.
if(description)
{
# Numeric plugin id; together with the CVE id below this is what ties a finding
# back to the advisory.
script_id(64307);
script_version("$Revision: 6624 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)");
script_cve_id("CVE-2009-1760");
# CVSS v2 base score and vector: network reachable, medium complexity, no
# authentication, partial integrity and availability impact, no confidentiality impact.
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_name("Fedora Core 9 FEDORA-2009-6682 (deluge)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Fedora Local Security Checks");
# The check depends on the package inventory collected by gather-package-list.nasl
# and requires both keys below. Presumably those keys are only present after an
# authenticated SSH login to a Fedora host, so an unauthenticated scan produces
# no result for this advisory either way -- verify against the dependency.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# qod_type "package": the finding comes from a package version comparison, not
# from exercising the directory traversal itself.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "https://bugzilla.redhat.com/show_bug.cgi?id=505523");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
# Package-version check for FEDORA-2009-6682 on Fedora Core 9.
# Each isrpmvuln() call is given a package name, the fixed build and the
# release; a non-NULL result is appended to the report text.
# Scope note: only the deluge packages are compared here. The standalone
# rb_libtorrent package on FC9 is covered by its own advisory
# (FEDORA-2009-6619), and a version match does not prove that a locally
# rebuilt package carries the CVE-2009-1760 patch.
res = "";
report = "";

res = isrpmvuln(pkg:"deluge", rpm:"deluge~0.5.9.3~2.fc9", rls:"FC9");
if (res != NULL) {
  report += res;
}

res = isrpmvuln(pkg:"deluge-debuginfo", rpm:"deluge-debuginfo~0.5.9.3~2.fc9", rls:"FC9");
if (res != NULL) {
  report += res;
}

if (report != "") {
  # At least one package produced a result: raise the finding.
  security_message(data:report);
} else {
  # Nothing reported. __pkg_match comes from pkg-lib-rpm.inc; presumably it is
  # set when a listed package was found and compared, so exit code 99 is only
  # returned in that case.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
}
{"id": "OPENVAS:64307", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Core 9 FEDORA-2009-6682 (deluge)", "description": "The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6682.", "published": "2009-06-30T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64307", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=505523"], "cvelist": ["CVE-2009-1760"], "lastseen": "2017-07-25T10:57:00", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-25T10:57:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1760"]}, {"type": "openvas", "idList": ["OPENVAS:64304", "OPENVAS:64306", "OPENVAS:136141256231064304", "OPENVAS:64303", "OPENVAS:64436", "OPENVAS:136141256231064303", "OPENVAS:136141256231064285", "OPENVAS:64305", "OPENVAS:136141256231064436", "OPENVAS:64285"]}, {"type": "gentoo", "idList": ["GLSA-200907-14"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21970", "SECURITYVULNS:VULN:9973"]}, {"type": "fedora", "idList": ["FEDORA:BC20C10F8AA", "FEDORA:0FAF110F8A7", "FEDORA:7053610F8A3", "FEDORA:C725610F8A2", "FEDORA:1344D10F8AD"]}, {"type": "nessus", "idList": ["FEDORA_2009-6502.NASL", "DEBIAN_DSA-1815.NASL", "FEDORA_2009-6619.NASL", "GENTOO_GLSA-200907-14.NASL", "MANDRIVA_MDVSA-2009-139.NASL", "FEDORA_2009-6682.NASL", "FEDORA_2009-6760.NASL", "FEDORA_2009-6547.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1815-1:8FD2F"]}], "modified": "2017-07-25T10:57:00", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "64307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6682.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6682 (deluge)\n#\n# Authors:\n# Thomas 
Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis release adds a backported upstream patch to fix a directory traversal\nvulnerability in the included copy of libtorrent which would allow a remote\nattacker to create or overwrite arbitrary files via a .. (dot dot) and partial\nrelative pathname in a specially-crafted torrent.\n\nChangeLog:\n\n* Thu Jun 18 2009 Peter Gordon - 0.5.9.3-2\n- Revert CVS files to to 0.9.5.3\n- Add backported patch for the included copy of rb_libtorrent to fix\nCVE-2009-1760 (#505523):\n+ 0.5.9.3-CVE-2009-1760.diff\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update deluge' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6682\";\ntag_summary = \"The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6682.\";\n\n\n\nif(description)\n{\n script_id(64307);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-6682 (deluge)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"deluge\", rpm:\"deluge~0.5.9.3~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deluge-debuginfo\", rpm:\"deluge-debuginfo~0.5.9.3~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n 
exit(99); # Not vulnerable.\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:40:02", "description": "Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.", "edition": 6, "cvss3": {}, "published": "2009-06-11T21:30:00", "title": "CVE-2009-1760", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1760"], "modified": "2018-10-10T19:38:00", "cpe": ["cpe:/a:rasterbar_software:libtorrent:0.14.3", "cpe:/a:rasterbar_software:libtorrent:0.12.1", "cpe:/a:rasterbar_software:libtorrent:0", "cpe:/a:rasterbar_software:libtorrent:0.12"], "id": "CVE-2009-1760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1760", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:rasterbar_software:libtorrent:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rasterbar_software:libtorrent:0:*:*:*:*:*:*:*", "cpe:2.3:a:rasterbar_software:libtorrent:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:rasterbar_software:libtorrent:0.12.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6502.", "modified": "2017-07-10T00:00:00", "published": 
"2009-06-30T00:00:00", "id": "OPENVAS:64306", "href": "http://plugins.openvas.org/nasl.php?oid=64306", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-6502 (rb_libtorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6502.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6502 (rb_libtorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis release adds an upstream patch to fix a directory traversal vulnerability\nwhich would allow a remote attacker to create or overwrite arbitrary files via a\n.. 
(dot dot) and partial relative pathname in a specially-crafted torrent.\n\nChangeLog:\n\n* Fri Jun 12 2009 Peter Gordon - 0.14.3-2\n- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite\nvulnerability):\n+ CVE-2009-1760.diff\n- Fixes security bug #505523.\n- Drop outdated Boost patch:\n- 0.13.1-boost.patch\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update rb_libtorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6502\";\ntag_summary = \"The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6502.\";\n\n\n\nif(description)\n{\n script_id(64306);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-6502 (rb_libtorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rb_libtorrent\", rpm:\"rb_libtorrent~0.14.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-devel\", rpm:\"rb_libtorrent-devel~0.14.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-examples\", rpm:\"rb_libtorrent-examples~0.14.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-python\", rpm:\"rb_libtorrent-python~0.14.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-debuginfo\", rpm:\"rb_libtorrent-debuginfo~0.14.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6760.", "modified": "2018-04-06T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:136141256231064304", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064304", 
"type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6760 (deluge)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6760.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6760 (deluge)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nDeluge 1.1.9 contains updated translations and fixes for a move torrent issue\n(now only happens when the torrent has data downloaded), a folder renaming bug\n(renaming a parent folder into multiple folders), and an issue with adding a\nremote torrent in the WebUI. This update also includes all upstream bug-fixes\nand enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this\npackage). 
For a full list of these changes, please see the upstream changelog:\nhttp://dev.deluge-torrent.org/wiki/ChangeLog In addition, the included copy\nof rb_libtorrent has been updated to fix a potential directory traversal\nvulnerability which would allow a remote attacker to create or overwrite\narbitrary files via a .. (dot dot) and partial relative pathname in a\nspecially-crafted torrent.\n\nChangeLog:\n\n* Wed Jun 17 2009 Peter Gordon - 1.1.9-1\n- Update to new upstream bug-fix release (1.1.9), updates internal libtorrent\ncopy to fix CVE-2009-1760 (#505523).\n- Adds dependency on chardet for fixing lots of bugs with torrents\nwhich are not encoded as UTF-8.\n- Add back the flags, in an optional -flags subpackage as per the new Flags\npolicy (Package_Maintainers_Flags_Policy on the wiki).\n- Add LICENSE and README to installed documentation.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update deluge' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6760\";\ntag_summary = \"The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6760.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64304\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6760 (deluge)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"deluge\", rpm:\"deluge~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deluge-flags\", rpm:\"deluge-flags~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deluge-debuginfo\", rpm:\"deluge-debuginfo~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6619.", "modified": "2017-07-10T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64305", "href": "http://plugins.openvas.org/nasl.php?oid=64305", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6619 (rb_libtorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6619.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6619 (rb_libtorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# 
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis release adds an upstream patch to fix a directory traversal vulnerability\nwhich would allow a remote attacker to create or overwrite arbitrary files via a\n.. (dot dot) and partial relative pathname in a specially-crafted torrent.\nIn addition to this, asio-devel has been added to the dependencies for the\nrb_libtorrent-devel package - a fix already applied to the Fedora 10, 11, and\nDevelopment (Rawhide) packages.\nChangeLog:\n\n* Sun Jun 14 2009 Peter Gordon - 0.12.1-2\n- Apply backported upstream patch to fix CVE-2009-1760 (arbitrary file\noverwrite vulnerability):\n+ 0.12-CVE-2009-1760.diff\n- Fixes security bug #505523.\n- Add asio-devel as runtime dependency for the devel subpackage (#478589)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rb_libtorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6619\";\ntag_summary = \"The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6619.\";\n\n\n\nif(description)\n{\n script_id(64305);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-6619 (rb_libtorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rb_libtorrent\", rpm:\"rb_libtorrent~0.12.1~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-devel\", rpm:\"rb_libtorrent-devel~0.12.1~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-examples\", 
rpm:\"rb_libtorrent-examples~0.12.1~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-debuginfo\", rpm:\"rb_libtorrent-debuginfo~0.12.1~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6547.", "modified": "2018-04-06T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:136141256231064303", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064303", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6547 (rb_libtorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6547.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6547 (rb_libtorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Its main goals are to be very efficient (in terms of CPU and memory usage) as\nwell as being very easy to use both as a user and developer.\n\nUpdate Information:\n\nThis release adds an upstream patch to fix a directory traversal vulnerability\nwhich would allow a remote attacker to create or overwrite arbitrary files via a\n.. (dot dot) and partial relative pathname in a specially-crafted torrent.\n\nChangeLog:\n\n* Sun Jun 14 2009 Peter Gordon - 0.13.1-5\n- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite\nvulnerability):\n+ 0.13-CVE-2009-1760.diff\n- Fixes security bug #505523.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rb_libtorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6547\";\ntag_summary = \"The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6547.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64303\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6547 (rb_libtorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rb_libtorrent\", rpm:\"rb_libtorrent~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-devel\", rpm:\"rb_libtorrent-devel~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-python\", rpm:\"rb_libtorrent-python~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-debuginfo\", rpm:\"rb_libtorrent-debuginfo~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6760.", "modified": "2017-07-10T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64304", "href": "http://plugins.openvas.org/nasl.php?oid=64304", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6760 (deluge)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6760.nasl 6624 2017-07-10 06:11:55Z 
cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6760 (deluge)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nDeluge 1.1.9 contains updated translations and fixes for a move torrent issue\n(now only happens when the torrent has data downloaded), a folder renaming bug\n(renaming a parent folder into multiple folders), and an issue with adding a\nremote torrent in the WebUI. This update also includes all upstream bug-fixes\nand enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this\npackage). For a full list of these changes, please see the upstream changelog:\nhttp://dev.deluge-torrent.org/wiki/ChangeLog In addition, the included copy\nof rb_libtorrent has been updated to fix a potential directory traversal\nvulnerability which would allow a remote attacker to create or overwrite\narbitrary files via a .. 
(dot dot) and partial relative pathname in a\nspecially-crafted torrent.\n\nChangeLog:\n\n* Wed Jun 17 2009 Peter Gordon - 1.1.9-1\n- Update to new upstream bug-fix release (1.1.9), updates internal libtorrent\ncopy to fix CVE-2009-1760 (#505523).\n- Adds dependency on chardet for fixing lots of bugs with torrents\nwhich are not encoded as UTF-8.\n- Add back the flags, in an optional -flags subpackage as per the new Flags\npolicy (Package_Maintainers_Flags_Policy on the wiki).\n- Add LICENSE and README to installed documentation.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update deluge' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6760\";\ntag_summary = \"The remote host is missing an update to deluge\nannounced via advisory FEDORA-2009-6760.\";\n\n\n\nif(description)\n{\n script_id(64304);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6760 (deluge)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"deluge\", rpm:\"deluge~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deluge-flags\", rpm:\"deluge-flags~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"deluge-debuginfo\", rpm:\"deluge-debuginfo~1.1.9~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to libtorrent-rasterbar\nannounced via advisory MDVSA-2009:139.", "modified": "2017-07-06T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64285", "href": "http://plugins.openvas.org/nasl.php?oid=64285", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_139.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:139 (libtorrent-rasterbar)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security vulnerability has been identified and corrected in\nlibtorrent-rasterbar:\n\nDirectory traversal vulnerability in src/torrent_info.cpp in Rasterbar\nlibtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge\nTorrent, and other applications, allows remote attackers to create\nor overwrite arbitrary files via a .. (dot dot) and partial relative\npathname in a Multiple File Mode list element in a .torrent file\n(CVE-2009-1760).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:139\";\ntag_summary = \"The remote host is missing an update to libtorrent-rasterbar\nannounced via advisory MDVSA-2009:139.\";\n\n \n\nif(description)\n{\n script_id(64285);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtorrent-rasterbar1\", rpm:\"libtorrent-rasterbar1~0.14.1~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtorrent-rasterbar-devel\", rpm:\"libtorrent-rasterbar-devel~0.14.1~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-libtorrent-rasterbar\", rpm:\"python-libtorrent-rasterbar~0.14.1~4.1mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64torrent-rasterbar1\", rpm:\"lib64torrent-rasterbar1~0.14.1~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64torrent-rasterbar-devel\", rpm:\"lib64torrent-rasterbar-devel~0.14.1~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to libtorrent-rasterbar\nannounced via advisory DSA 1815-1.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:136141256231064249", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064249", "type": "openvas", "title": "Debian Security Advisory DSA 1815-1 (libtorrent-rasterbar)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1815_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1815-1 (libtorrent-rasterbar)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Rasterbar Bittorrent library performed\ninsufficient validation of path names specified in torrent files, which\ncould lead to denial of service by overwriting files.\n\nThe old stable distribution (etch) doesn't include libtorrent-rasterbar.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.13.1-2+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.14.4-1.\n\nWe recommend that you upgrade your libtorrent-rasterbar package.\";\ntag_summary = \"The remote host is missing an update to libtorrent-rasterbar\nannounced via advisory DSA 1815-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201815-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64249\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1815-1 (libtorrent-rasterbar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtorrent-rasterbar-doc\", ver:\"0.13.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtorrent-rasterbar-dev\", ver:\"0.13.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtorrent-rasterbar0\", ver:\"0.13.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtorrent-rasterbar-dbg\", ver:\"0.13.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-14.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064436", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064436", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-14 (rb_libtorrent deluge)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# 
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A directory traversal vulnerability in Rasterbar libtorrent might allow a\nremote attacker to overwrite arbitrary files.\";\ntag_solution = \"All Rasterbar libtorrent users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/rb_libtorrent-0.13-r1'\n\nAll Deluge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/deluge-1.1.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=273156\nhttp://bugs.gentoo.org/show_bug.cgi?id=273961\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-14.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64436\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n 
script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200907-14 (rb_libtorrent deluge)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-libs/rb_libtorrent\", unaffected: make_list(\"ge 0.13-r1\"), vulnerable: make_list(\"lt 0.13-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-p2p/deluge\", unaffected: make_list(\"ge 1.1.9\"), vulnerable: make_list(\"lt 1.1.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6547.", "modified": "2017-07-10T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64303", "href": "http://plugins.openvas.org/nasl.php?oid=64303", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6547 (rb_libtorrent)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6547.nasl 6624 
2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6547 (rb_libtorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Its main goals are to be very efficient (in terms of CPU and memory usage) as\nwell as being very easy to use both as a user and developer.\n\nUpdate Information:\n\nThis release adds an upstream patch to fix a directory traversal vulnerability\nwhich would allow a remote attacker to create or overwrite arbitrary files via a\n.. (dot dot) and partial relative pathname in a specially-crafted torrent.\n\nChangeLog:\n\n* Sun Jun 14 2009 Peter Gordon - 0.13.1-5\n- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite\nvulnerability):\n+ 0.13-CVE-2009-1760.diff\n- Fixes security bug #505523.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rb_libtorrent' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6547\";\ntag_summary = \"The remote host is missing an update to rb_libtorrent\nannounced via advisory FEDORA-2009-6547.\";\n\n\n\nif(description)\n{\n script_id(64303);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6547 (rb_libtorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=505523\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rb_libtorrent\", rpm:\"rb_libtorrent~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-devel\", rpm:\"rb_libtorrent-devel~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"rb_libtorrent-python\", rpm:\"rb_libtorrent-python~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rb_libtorrent-debuginfo\", rpm:\"rb_libtorrent-debuginfo~0.13.1~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-14.", "modified": "2017-07-07T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64436", "href": "http://plugins.openvas.org/nasl.php?oid=64436", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-14 (rb_libtorrent deluge)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A directory traversal vulnerability in Rasterbar libtorrent might allow a\nremote attacker to overwrite arbitrary files.\";\ntag_solution = \"All Rasterbar libtorrent users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/rb_libtorrent-0.13-r1'\n\nAll Deluge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/deluge-1.1.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=273156\nhttp://bugs.gentoo.org/show_bug.cgi?id=273961\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-14.\";\n\n \n \n\nif(description)\n{\n script_id(64436);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1760\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200907-14 (rb_libtorrent deluge)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-libs/rb_libtorrent\", unaffected: make_list(\"ge 0.13-r1\"), vulnerable: make_list(\"lt 0.13-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-p2p/deluge\", unaffected: make_list(\"ge 1.1.9\"), vulnerable: make_list(\"lt 1.1.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "### Background\n\nRasterbar libtorrent is a C++ BitTorrent implementation focusing on efficiency and scalability. Deluge is a BitTorrent client that ships a copy of libtorrent. \n\n### Description\n\ncensus reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files. \n\n### Impact\n\nA remote attacker could entice a user or automated system using Rasterbar libtorrent to load a specially crafted BitTorrent file to create or overwrite arbitrary files using dot dot sequences in filenames. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Rasterbar libtorrent users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/rb_libtorrent-0.13-r1\"\n\nAll Deluge users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-p2p/deluge-1.1.9\"", "edition": 1, "modified": "2009-07-17T00:00:00", "published": "2009-07-17T00:00:00", "id": "GLSA-200907-14", "href": "https://security.gentoo.org/glsa/200907-14", "type": "gentoo", "title": "Rasterbar libtorrent: Directory traversal", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:33", "description": "The remote host is affected by the vulnerability described in GLSA-200907-14\n(Rasterbar libtorrent: Directory traversal)\n\n census reported a directory traversal vulnerability in\n src/torrent_info.cpp that can be triggered via .torrent files.\n \nImpact :\n\n A remote attacker could entice a user or automated system using\n Rasterbar libtorrent to load a specially crafted BitTorrent file to\n create or overwrite arbitrary files using dot dot sequences in\n filenames.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2009-07-20T00:00:00", "title": "GLSA-200907-14 : Rasterbar libtorrent: Directory traversal", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-07-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rb_libtorrent", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:deluge"], "id": "GENTOO_GLSA-200907-14.NASL", "href": "https://www.tenable.com/plugins/nessus/39868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200907-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and 
licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39868);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"GLSA\", value:\"200907-14\");\n\n script_name(english:\"GLSA-200907-14 : Rasterbar libtorrent: Directory traversal\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200907-14\n(Rasterbar libtorrent: Directory traversal)\n\n census reported a directory traversal vulnerability in\n src/torrent_info.cpp that can be triggered via .torrent files.\n \nImpact :\n\n A remote attacker could entice a user or automated system using\n Rasterbar libtorrent to load a specially crafted BitTorrent file to\n create or overwrite arbitrary files using dot dot sequences in\n filenames.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200907-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Rasterbar libtorrent users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/rb_libtorrent-0.13-r1'\n All Deluge users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-p2p/deluge-1.1.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:deluge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rb_libtorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/rb_libtorrent\", unaffected:make_list(\"ge 0.13-r1\"), vulnerable:make_list(\"lt 0.13-r1\"))) flag++;\nif (qpkg_check(package:\"net-p2p/deluge\", unaffected:make_list(\"ge 1.1.9\"), vulnerable:make_list(\"lt 1.1.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Rasterbar libtorrent\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:25", "description": "This release adds a backported upstream patch to fix a directory\ntraversal vulnerability in the included copy of libtorrent 
which would\nallow a remote attacker to create or overwrite arbitrary files via a\n'..' (dot dot) and partial relative pathname in a specially crafted\ntorrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-06-28T00:00:00", "title": "Fedora 9 : deluge-0.5.9.3-2.fc9 (2009-6682)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:deluge", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-6682.NASL", "href": "https://www.tenable.com/plugins/nessus/39545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6682.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39545);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"FEDORA\", value:\"2009-6682\");\n\n script_name(english:\"Fedora 9 : deluge-0.5.9.3-2.fc9 (2009-6682)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release adds a backported upstream patch to fix a directory\ntraversal vulnerability in the included copy of libtorrent which would\nallow a remote attacker to create or overwrite arbitrary files via a\n'..' 
(dot dot) and partial relative pathname in a specially crafted\ntorrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025707.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67e19979\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected deluge package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:deluge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"deluge-0.5.9.3-2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"deluge\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:25", "description": "Deluge 1.1.9 contains updated translations and fixes for a 'move\ntorrent' issue (now only happens when the torrent has data\ndownloaded), a folder renaming bug (renaming a parent folder into\nmultiple folders), and an issue with adding a remote torrent in the\nWebUI. This update also includes all upstream bug-fixes and\nenhancements in versions 1.1.7 and 1.1.8 (which were skipped in this\npackage). For a full list of these changes, please see the upstream\nchangelog: http://dev.deluge-torrent.org/wiki/ChangeLog In addition,\nthe included copy of rb_libtorrent has been updated to fix a potential\ndirectory traversal vulnerability which would allow a remote attacker\nto create or overwrite arbitrary files via a '..' (dot dot) and\npartial relative pathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-06-28T00:00:00", "title": "Fedora 10 : deluge-1.1.9-1.fc10 (2009-6760)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:deluge"], "id": "FEDORA_2009-6760.NASL", "href": "https://www.tenable.com/plugins/nessus/39546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6760.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39546);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"FEDORA\", value:\"2009-6760\");\n\n script_name(english:\"Fedora 10 : deluge-1.1.9-1.fc10 (2009-6760)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Deluge 1.1.9 contains updated translations and fixes for a 'move\ntorrent' issue (now only happens when the torrent has data\ndownloaded), a folder renaming bug (renaming a parent folder into\nmultiple folders), and an issue with adding a remote torrent in the\nWebUI. This update also includes all upstream bug-fixes and\nenhancements in versions 1.1.7 and 1.1.8 (which were skipped in this\npackage). 
For a full list of these changes, please see the upstream\nchangelog: http://dev.deluge-torrent.org/wiki/ChangeLog In addition,\nthe included copy of rb_libtorrent has been updated to fix a potential\ndirectory traversal vulnerability which would allow a remote attacker\nto create or overwrite arbitrary files via a '..' (dot dot) and\npartial relative pathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.deluge-torrent.org/wiki/ChangeLog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.deluge-torrent.org/wiki/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025681.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0410c902\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected deluge package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:deluge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"deluge-1.1.9-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"deluge\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:24", "description": "This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-06-28T00:00:00", "title": "Fedora 11 : rb_libtorrent-0.14.3-2.fc11 (2009-6502)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rb_libtorrent", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-6502.NASL", "href": "https://www.tenable.com/plugins/nessus/39542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6502.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39542);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"FEDORA\", value:\"2009-6502\");\n\n script_name(english:\"Fedora 11 : rb_libtorrent-0.14.3-2.fc11 (2009-6502)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025683.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?848b4212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rb_libtorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rb_libtorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"rb_libtorrent-0.14.3-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rb_libtorrent\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:24", "description": "This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-06-28T00:00:00", "title": "Fedora 10 : rb_libtorrent-0.13.1-5.fc10 (2009-6547)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:rb_libtorrent"], "id": "FEDORA_2009-6547.NASL", "href": "https://www.tenable.com/plugins/nessus/39543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6547.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39543);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"FEDORA\", value:\"2009-6547\");\n\n script_name(english:\"Fedora 10 : rb_libtorrent-0.13.1-5.fc10 (2009-6547)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025678.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3d3dff8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rb_libtorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rb_libtorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"rb_libtorrent-0.13.1-5.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rb_libtorrent\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:24", "description": "This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent. In addition to this,\nasio-devel has been added to the dependencies for the\nrb_libtorrent-devel package - a fix already applied to the Fedora 10,\n11, and Development ('Rawhide') packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-06-28T00:00:00", "title": "Fedora 9 : rb_libtorrent-0.12.1-2.fc9 (2009-6619)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:rb_libtorrent"], "id": "FEDORA_2009-6619.NASL", "href": "https://www.tenable.com/plugins/nessus/39544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6619.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39544);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"FEDORA\", value:\"2009-6619\");\n\n script_name(english:\"Fedora 9 : rb_libtorrent-0.12.1-2.fc9 (2009-6619)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release adds an upstream patch to fix a directory traversal\nvulnerability which would allow a remote attacker to create or\noverwrite arbitrary files via a '..' (dot dot) and partial relative\npathname in a specially crafted torrent. In addition to this,\nasio-devel has been added to the dependencies for the\nrb_libtorrent-devel package - a fix already applied to the Fedora 10,\n11, and Development ('Rawhide') packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505523\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?768d1ed0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rb_libtorrent package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rb_libtorrent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"rb_libtorrent-0.12.1-2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rb_libtorrent\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:11", "description": "A security vulnerability has been identified and corrected in\nlibtorrent-rasterbar :\n\nDirectory traversal vulnerability in src/torrent_info.cpp in Rasterbar\nlibtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge\nTorrent, and other applications, allows remote attackers to create or\noverwrite arbitrary files via a .. 
(dot dot) and partial relative\npathname in a Multiple File Mode list element in a .torrent file\n(CVE-2009-1760).\n\nThe updated packages have been patched to prevent this.", "edition": 24, "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : libtorrent-rasterbar (MDVSA-2009:139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2010-07-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:python-libtorrent-rasterbar", "p-cpe:/a:mandriva:linux:lib64torrent-rasterbar1", "p-cpe:/a:mandriva:linux:libtorrent-rasterbar-devel", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:lib64torrent-rasterbar-devel", "p-cpe:/a:mandriva:linux:libtorrent-rasterbar1"], "id": "MANDRIVA_MDVSA-2009-139.NASL", "href": "https://www.tenable.com/plugins/nessus/48148", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:139. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48148);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"MDVSA\", value:\"2009:139\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtorrent-rasterbar (MDVSA-2009:139)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security vulnerability has been identified and corrected in\nlibtorrent-rasterbar :\n\nDirectory traversal vulnerability in src/torrent_info.cpp in Rasterbar\nlibtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge\nTorrent, and other applications, allows remote attackers to create or\noverwrite arbitrary files via a .. 
(dot dot) and partial relative\npathname in a Multiple File Mode list element in a .torrent file\n(CVE-2009-1760).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64torrent-rasterbar-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64torrent-rasterbar1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtorrent-rasterbar-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtorrent-rasterbar1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-libtorrent-rasterbar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64torrent-rasterbar-devel-0.14.1-4.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64torrent-rasterbar1-0.14.1-4.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libtorrent-rasterbar-devel-0.14.1-4.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libtorrent-rasterbar1-0.14.1-4.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"python-libtorrent-rasterbar-0.14.1-4.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:30", "description": "It was discovered that the Rasterbar Bittorrent library performed\ninsufficient validation of path names specified in torrent files,\nwhich could lead to denial of service by overwriting files.", "edition": 25, "published": "2009-06-16T00:00:00", "title": "Debian DSA-1815-1 : libtorrent-rasterbar - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1760"], "modified": "2009-06-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:libtorrent-rasterbar"], "id": "DEBIAN_DSA-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/39391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1815. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39391);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1760\");\n script_xref(name:\"DSA\", value:\"1815\");\n\n script_name(english:\"Debian DSA-1815-1 : libtorrent-rasterbar - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Rasterbar Bittorrent library performed\ninsufficient validation of path names specified in torrent files,\nwhich could lead to denial of service by overwriting files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtorrent-rasterbar package.\n\nThe old stable distribution (etch) doesn't include\nlibtorrent-rasterbar.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.13.1-2+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtorrent-rasterbar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libtorrent-rasterbar-dbg\", reference:\"0.13.1-2+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtorrent-rasterbar-dev\", reference:\"0.13.1-2+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtorrent-rasterbar-doc\", reference:\"0.13.1-2+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libtorrent-rasterbar0\", reference:\"0.13.1-2+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1760"], "description": "'libtorrent' is an open-source C++ bittorrent library by Rasterbar\r\nSoftware that is used in many desktop applications and embedded devices.\r\nPopular BitTorrent clients that use this library are 'firetorrent',\r\n'qBittorrent' and 'deluge Torrent'. 
For a more comprehensive list\r\nof libtorrent-based applications, see [1].\r\n\r\nI have discovered an 'arbitrary file overwrite' vulnerability in\r\nlibtorrent that allows an attacker to create and modify arbitrary files\r\n(and directories) with the effective rights of the user executing\r\nthe vulnerable libtorrent-based application.\r\n\r\nlibtorrent (up to and including version 0.14.3) employs an insufficient\r\npath sanitization method that allows the formulation of relative paths\r\nfrom the path elements found in .torrent files. Specifically, this\r\napplies to .torrent files that describe multiple files (see\r\n\"Multiple File Mode\" [2]). An adversary could use such relative paths,\r\nin a specially crafted .torrent file, to replace or create files in\r\nvulnerable systems.\r\n\r\nSee [3] for more information regarding the nature of this vulnerability.\r\n\r\nThe maintainer of libtorrent has been contacted and a new version (0.14.4)\r\nof the library that fixes this issue has been released [4],[5]. 
All\r\naffected parties are advised to upgrade to the latest release.\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe candidate name CVE-2009-1760 to this issue.\r\n\r\nVendor notification date: May 27th, 2009\r\nVendor acknowledgement date: May 28th, 2009\r\nVendor bugfix release date: June 1st, 2009\r\nPublic disclosure date: June 8th, 2009\r\n\r\nWith kind regards,\r\n\r\nDimitris Glynos\r\n--\r\nhttp://census-labs.com / IT security research, development and services\r\n\r\n[1] http://www.rasterbar.com/products/libtorrent/projects.html\r\n[2] http://wiki.theory.org/BitTorrentSpecification#Info_in_Multiple_File_Mode\r\n[3] http://census-labs.com/news/2009/06/08/libtorrent-rasterbar\r\n[4] http://sf.net/project/shownotes.php?group_id=79942&release_id=686456\r\n[5] http://sf.net/project/showfiles.php?group_id=79942", "edition": 1, "modified": "2009-06-09T00:00:00", "published": "2009-06-09T00:00:00", "id": "SECURITYVULNS:DOC:21970", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21970", "title": "Rasterbar libtorrent arbitrary file overwrite vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1760"], "description": "Directory traversal on .torrent files processing.", "edition": 1, "modified": "2009-06-09T00:00:00", "published": "2009-06-09T00:00:00", "id": "SECURITYVULNS:VULN:9973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9973", "title": "Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent directory traversal", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:18:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "- 
------------------------------------------------------------------------\nDebian Security Advisory DSA-1815-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 14, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libtorrent-rasterbar\nVulnerability : programming error\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-1760\n\nIt was discovered that the Rasterbar Bittorrent library performed\ninsufficient validation of path names specified in torrent files, which\ncould lead to denial of service by overwriting files.\n\nThe old stable distribution (etch) doesn't include libtorrent-rasterbar.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.13.1-2+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.14.4-1.\n\nWe recommend that you upgrade your libtorrent-rasterbar package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.diff.gz\n Size/MD5 checksum: 5295 ad26ec230cfb51e8b1a11053c631e23a\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1.orig.tar.gz\n Size/MD5 checksum: 1469775 
9d6b112fedc5861402647ff72e95dba0\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.dsc\n Size/MD5 checksum: 1688 615d598da6448acb06a5564b5af98504\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-doc_0.13.1-2+lenny1_all.deb\n Size/MD5 checksum: 494718 2ff3232090c18212dceab0c240ad5b6a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_alpha.deb\n Size/MD5 checksum: 2847180 bdc11c81ec50ef9c87e473a5adedef4d\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_alpha.deb\n Size/MD5 checksum: 1191354 7fc10d95bb5fb39218ef46a4e0256aa0\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_alpha.deb\n Size/MD5 checksum: 7486406 be3e0f535a318d69bd8d8f84987c00c9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_amd64.deb\n Size/MD5 checksum: 991572 8bfc1c7c2a0e715830b6b869d6700826\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_amd64.deb\n Size/MD5 checksum: 1958800 6f925903c79b0c09c861cfafc154fddb\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_amd64.deb\n Size/MD5 checksum: 7578292 b5fda43c6ef50c504a11362f34efba69\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_arm.deb\n Size/MD5 checksum: 1083396 265b8b109918bdb5a7cbd7a93a98f906\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_arm.deb\n Size/MD5 checksum: 7278890 
4f175b83c43250504e3e6e927b1aa95b\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_arm.deb\n Size/MD5 checksum: 2081302 f75e702139b6e6df8282ca8db807358a\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_armel.deb\n Size/MD5 checksum: 863962 d3e22f0d17881578c94ff18577c7b0ff\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_armel.deb\n Size/MD5 checksum: 2114218 28a9d8dd167a77c1c350c5f0c26656bb\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_armel.deb\n Size/MD5 checksum: 7401594 096572e6a80d8e2629893d2eda7b06b2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_hppa.deb\n Size/MD5 checksum: 1131024 69724d35147d2cb2d47f47b1dd2d09f2\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_hppa.deb\n Size/MD5 checksum: 2188616 48986004e631fcb30dc617dd09d6bb7e\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_hppa.deb\n Size/MD5 checksum: 7447584 9c0ef400fb8a6af2fed8e57572749e82\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_i386.deb\n Size/MD5 checksum: 7466610 561fa4b4cc308ab89142ba8745144839\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_i386.deb\n Size/MD5 checksum: 986646 fbae1919d47696f1160191896ee51fe2\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_i386.deb\n Size/MD5 checksum: 1837994 706c48fe6df16cf87954938079b83bbd\n\nia64 
architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_ia64.deb\n Size/MD5 checksum: 2839510 0784e971e672f0d3508735b58b0190e0\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_ia64.deb\n Size/MD5 checksum: 7867400 ef973715edcbbcc5739c959bc1a616e7\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_ia64.deb\n Size/MD5 checksum: 1408300 465e116873aeb20eb4d3307f11e23a1f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_mips.deb\n Size/MD5 checksum: 2042000 a7da44aa33d55dd1720f03ff5578265b\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_mips.deb\n Size/MD5 checksum: 923072 f228766d2143c5678b568a7317427a7d\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_mips.deb\n Size/MD5 checksum: 7563768 7269489934ef49530520be1f58d37137\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_mipsel.deb\n Size/MD5 checksum: 7357426 4c6e09de92323c4edfc2e9d1697b88d4\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_mipsel.deb\n Size/MD5 checksum: 915480 5f6dcdcd4ebcf05c993ae8961172f8c3\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_mipsel.deb\n Size/MD5 checksum: 2022654 d370a93c7711c996b40e679c75b9e450\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_powerpc.deb\n Size/MD5 checksum: 2009160 
ffe50b547f76cc3715a696ec446c4a96\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_powerpc.deb\n Size/MD5 checksum: 7771456 cf4a135f1dad2440449cc0a6e3ea2863\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_powerpc.deb\n Size/MD5 checksum: 1046364 d68326739c445096bebf71b8da2fb9ab\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_s390.deb\n Size/MD5 checksum: 7523480 b51f62f23c283f3ec6992b234946a585\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_s390.deb\n Size/MD5 checksum: 945680 55899bdfa3d12f96dcc8a3bca4688429\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_s390.deb\n Size/MD5 checksum: 1877984 57a4674260e40426e3b12f2d1e2e500f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_sparc.deb\n Size/MD5 checksum: 7366596 36c4f6f9964750a32ce7278bf4d04da2\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_sparc.deb\n Size/MD5 checksum: 1145234 ff7d341f351f65144621eed3f9a3cf86\n http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_sparc.deb\n Size/MD5 checksum: 1734368 064c9bfed79ac652c89db16fb1b74357\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: 
`apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-06-14T22:16:23", "published": "2009-06-14T22:16:23", "id": "DEBIAN:DSA-1815-1:8FD2F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00127.html", "title": "[SECURITY] [DSA 1815-1] New libtorrent-rasterbar packages fix denial of\tservice", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. ", "modified": "2009-06-27T02:51:09", "published": "2009-06-27T02:51:09", "id": "FEDORA:1344D10F8AD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: deluge-1.1.9-1.fc10", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient (in terms of CPU and memory usage) as well as being very easy to use both as a user and developer. 
", "modified": "2009-06-27T02:51:53", "published": "2009-06-27T02:51:53", "id": "FEDORA:C725610F8A2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rb_libtorrent-0.14.3-2.fc11", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient (in terms of CPU and memory usage) as well as being very easy to use both as a user and developer. ", "modified": "2009-06-27T02:51:20", "published": "2009-06-27T02:51:20", "id": "FEDORA:BC20C10F8AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: rb_libtorrent-0.12.1-2.fc9", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient (in terms of CPU and memory usage) as well as being very easy to use both as a user and developer. ", "modified": "2009-06-27T02:50:04", "published": "2009-06-27T02:50:04", "id": "FEDORA:0FAF110F8A7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1760"], "description": "Deluge is a new BitTorrent client, created using Python and GTK+. 
It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding. ", "modified": "2009-06-27T02:57:43", "published": "2009-06-27T02:57:43", "id": "FEDORA:7053610F8A3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: deluge-0.5.9.3-2.fc9", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}]}