{"id": "SECURITYVULNS:VULN:12918", "bulletinFamily": "software", "title": "Transmission memory corruption", "description": "micro transport packets parsing memory corruption", "published": "2013-03-02T00:00:00", "modified": "2013-03-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12918", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29117"], "cvelist": ["CVE-2012-6129"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:50", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ccb3682c28ab29308453bf8c758d486e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "b983f6696ce974396c8f93c52816579b"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ce5f1685930407e5033c708a635a38a7"}, {"key": "href", "hash": "2f31650235ac89878a4176958a64ee70"}, {"key": "modified", "hash": "33698e5dda332f050ce38ddfb1e89999"}, {"key": "published", "hash": "33698e5dda332f050ce38ddfb1e89999"}, {"key": "references", "hash": "b8795ac6814a92c3b02fd80534337f4c"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "74a4d5af8529e4079bfd1c5b39e2eceb"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "4c7fe99ea6d3fa643ffc1ba1efccc0c9600cb5232588c5d6250eea357d68b4e4", "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-08-31T11:09:50"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6129"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-220.NASL", "FREEBSD_PKG_0523FB7E84444E86812D8DE05F6F0DCE.NASL", "UBUNTU_USN-1747-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-1747-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29117"]}, {"type": "freebsd", "idList": ["0523FB7E-8444-4E86-812D-8DE05F6F0DCE"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841346", "OPENVAS:841346"]}], "modified": "2018-08-31T11:09:50"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Transmission", "operator": "eq", "version": "2.61"}]}

{"cve": [{"lastseen": "2017-10-12T21:09:12", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\"", "modified": "2013-04-03T00:00:00", "published": "2013-04-02T20:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6129", "id": "CVE-2012-6129", "title": "CVE-2012-6129", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:21:29", "bulletinFamily": "scanner", "description": "transmission was updated to fix remote crashes in UTP_ProcessIncoming() (CVE-2012-6129, bnc#803088).", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2013-220.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74927", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : transmission (openSUSE-SU-2013:0485-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-220.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74927);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2012-6129\");\n\n script_name(english:\"openSUSE Security Update : transmission (openSUSE-SU-2013:0485-1)\");\n script_summary(english:\"Check for the openSUSE-2013-220 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"transmission was updated to fix remote crashes in\nUTP_ProcessIncoming() (CVE-2012-6129, bnc#803088).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected transmission packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-gtk-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transmission-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-common-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-debuginfo-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-debugsource-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-gtk-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-gtk-debuginfo-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-gtk-lang-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-qt-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"transmission-qt-debuginfo-2.42-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-common-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-debuginfo-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-debugsource-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-gtk-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-gtk-debuginfo-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-gtk-lang-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-qt-2.60-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"transmission-qt-debuginfo-2.60-1.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"transmission\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:35", "bulletinFamily": "scanner", "description": "It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1747-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64891", "published": "2013-02-26T00:00:00", "title": "Ubuntu 11.10 / 12.04 LTS / 12.10 : transmission vulnerability (USN-1747-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1747-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64891);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-6129\");\n script_bugtraq_id(57872);\n script_xref(name:\"USN\", value:\"1747-1\");\n\n script_name(english:\"Ubuntu 11.10 / 12.04 LTS / 12.10 : transmission vulnerability (USN-1747-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Transmission incorrectly handled certain micro\ntransport protocol packets. A remote attacker could use this issue to\ncause a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1747-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected transmission-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:transmission-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"transmission-common\", pkgver:\"2.33-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"transmission-common\", pkgver:\"2.51-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"transmission-common\", pkgver:\"2.61-0ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"transmission-common\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:21", "bulletinFamily": "scanner", "description": "NVD reports :\n\nStack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted 'micro transport protocol packets.'", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_0523FB7E84444E86812D8DE05F6F0DCE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80923", "published": "2015-01-23T00:00:00", "title": "FreeBSD : libutp -- remote denial of service or arbitrary code execution (0523fb7e-8444-4e86-812d-8de05f6f0dce)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80923);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2012-6129\");\n\n script_name(english:\"FreeBSD : libutp -- remote denial of service or arbitrary code execution (0523fb7e-8444-4e86-812d-8de05f6f0dce)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NVD reports :\n\nStack-based buffer overflow in utp.cpp in libutp, as used in\nTransmission before 2.74 and possibly other products, allows remote\nattackers to cause a denial of service (crash) and possibly execute\narbitrary code via crafted 'micro transport protocol packets.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/bittorrent/libutp/issues/38\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://trac.transmissionbt.com/ticket/5002\"\n );\n # https://vuxml.freebsd.org/freebsd/0523fb7e-8444-4e86-812d-8de05f6f0dce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f1882e0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bittorrent-libutp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:transmission-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:transmission-deamon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:transmission-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:transmission-qt4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bittorrent-libutp<0.20130514_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"transmission-cli<2.74\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"transmission-deamon<2.74\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"transmission-gtk<2.74\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"transmission-qt4<2.74\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:58", "bulletinFamily": "unix", "description": "It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.", "modified": "2013-02-25T00:00:00", "published": "2013-02-25T00:00:00", "id": "USN-1747-1", "href": "https://usn.ubuntu.com/1747-1/", "title": "Transmission vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:45", "bulletinFamily": "unix", "description": "\nNVD reports:\n\nStack-based buffer overflow in utp.cpp in libutp, as used\n\t in Transmission before 2.74 and possibly other products,\n\t allows remote attackers to cause a denial of service (crash)\n\t and possibly execute arbitrary code via crafted \"micro\n\t transport protocol packets.\"\n\n", "modified": "2012-08-01T00:00:00", "published": "2012-08-01T00:00:00", "id": "0523FB7E-8444-4E86-812D-8DE05F6F0DCE", "href": "https://vuxml.freebsd.org/freebsd/0523fb7e-8444-4e86-812d-8de05f6f0dce.html", "title": "libutp -- remote denial of service or arbitrary code execution", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-03-14T14:31:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-01T00:00:00", "id": "OPENVAS:1361412562310841346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841346", "title": "Ubuntu Update for transmission USN-1747-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1747_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for transmission USN-1747-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1747-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841346\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:04 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2012-6129\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1747-1\");\n script_name(\"Ubuntu Update for transmission USN-1747-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'transmission'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|12\\.10)\");\n script_tag(name:\"affected\", value:\"transmission on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10\");\n script_tag(name:\"insight\", value:\"It was discovered that Transmission incorrectly handled certain micro\n transport protocol packets. A remote attacker could use this issue to cause\n a denial of service, or possibly execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.51-0ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.33-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.61-0ubuntu2.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:11:20", "bulletinFamily": "scanner", "description": "Check for the Version of transmission", "modified": "2018-02-03T00:00:00", "published": "2013-03-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841346", "id": "OPENVAS:841346", "title": "Ubuntu Update for transmission USN-1747-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1747_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for transmission USN-1747-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"transmission on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10\";\ntag_insight = \"It was discovered that Transmission incorrectly handled certain micro\n transport protocol packets. A remote attacker could use this issue to cause\n a denial of service, or possibly execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1747-1/\");\n script_id(841346);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:04 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2012-6129\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1747-1\");\n script_name(\"Ubuntu Update for transmission USN-1747-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of transmission\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.51-0ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.33-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"transmission-common\", ver:\"2.61-0ubuntu2.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1747-1\r\nFebruary 25, 2013\r\n\r\ntransmission vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n\r\nSummary:\r\n\r\nTransmission could be made to crash or run programs if it received\r\nspecially crafted network traffic.\r\n\r\nSoftware Description:\r\n- transmission: lightweight BitTorrent client\r\n\r\nDetails:\r\n\r\nIt was discovered that Transmission incorrectly handled certain micro\r\ntransport protocol packets. A remote attacker could use this issue to cause\r\na denial of service, or possibly execute arbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n transmission-common 2.61-0ubuntu2.2\r\n\r\nUbuntu 12.04 LTS:\r\n transmission-common 2.51-0ubuntu1.3\r\n\r\nUbuntu 11.10:\r\n transmission-common 2.33-0ubuntu2.1\r\n\r\nAfter a standard system update you need to restart Transmission to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1747-1\r\n CVE-2012-6129\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/transmission/2.61-0ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/transmission/2.51-0ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/transmission/2.33-0ubuntu2.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2013-03-02T00:00:00", "published": "2013-03-02T00:00:00", "id": "SECURITYVULNS:DOC:29117", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29117", "title": "[USN-1747-1] Transmission vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}