Lucene search

K
ubuntuUbuntuUSN-711-1
HistoryJan 26, 2009 - 12:00 a.m.

KTorrent vulnerabilities

2009-01-2600:00:00
ubuntu.com
30

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.021

Percentile

89.1%

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10

Packages

  • ktorrent -

Details

It was discovered that KTorrent did not properly restrict access when using the
web interface plugin. A remote attacker could use a crafted http request and
upload arbitrary torrent files to trigger the start of downloads and seeding.
(CVE-2008-5905)

It was discovered that KTorrent did not properly handle certain parameters when
using the web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchktorrent< 3.1.2+dfsg.1-0ubuntu2.1UNKNOWN
Ubuntu8.10noarchktorrent-dbg< 3.1.2+dfsg.1-0ubuntu2.1UNKNOWN
Ubuntu8.04noarchktorrent< 2.2.5-0ubuntu1.1UNKNOWN
Ubuntu7.10noarchktorrent< 2.2.1-0ubuntu3.1UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.021

Percentile

89.1%