brainslicer
Posted 25 January 2008

The vulnerability that was reported earlier this year is apparently a bit worse than what came out at the time.

uTorrent Peer Client Buffer Overflow Vulnerability

Secunia Advisory: SA28533
Release Date: 2008-01-18
Last Update: 2008-01-25
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: uTorrent 1.x
CVE reference: CVE-2008-0364 (Secunia mirror)

Description: Luigi Auriemma has discovered a vulnerability in uTorrent, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when displaying the client used by connected peers. This can be exploited to cause a buffer overflow by connecting to the TCP port on which uTorrent is listening and sending a specially crafted packet containing an overly long client string.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 1.7.5 on Windows. Prior versions may also be affected.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution: Update to version 1.7.6.

Provided and/or discovered by: Originally reported as a DoS by Luigi Auriemma. Additional information provided by Secunia Research

Edit: some versions are supposedly OK... (for those who are paranoid after the client's change of ownership)

1.6.0 (474) fine (but vulnerable to exploit1)
1.6.1 (488) fine
1.6.1 (489) fine
1.6.1 (490) fine
1.7.0 (3353) bugged
1.7.1 (3360) bugged
1.7.2 (3458) bugged
1.7.3 (4470) bugged
1.7.4 (4482) bugged
1.7.5 (4602) bugged
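An added example, not part of the original post and not uTorrent's code: one way to copy a peer-supplied client string into a fixed-size display buffer without the boundary error the advisory describes. The names `format_peer_client` and `CLIENT_LABEL_MAX` and the 32-byte buffer size are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_LABEL_MAX 32  /* assumed size of the UI buffer, including NUL */

/*
 * Copy an untrusted, length-delimited client string from a peer into a
 * fixed-size display buffer. Writes at most dstsz bytes, always NUL-terminates,
 * and returns the number of bytes written excluding the NUL.
 */
size_t format_peer_client(char *dst, size_t dstsz,
                          const unsigned char *src, size_t srclen)
{
    static const char ellipsis[] = "...";
    const size_t elen = sizeof(ellipsis) - 1;
    size_t n, i;

    if (dst == NULL || dstsz == 0)
        return 0;
    if (src == NULL)
        srclen = 0;

    n = srclen;
    if (n > dstsz - 1)
        n = dstsz - 1;           /* clamp to the buffer, leaving room for NUL */

    for (i = 0; i < n; i++)      /* replace control and non-ASCII bytes */
        dst[i] = isprint(src[i]) ? (char)src[i] : '?';

    if (srclen > n && n >= elen) /* mark truncation when there is room */
        memcpy(dst + n - elen, ellipsis, elen);

    dst[n] = '\0';
    return n;
}

int main(void)
{
    char label[CLIENT_LABEL_MAX];
    unsigned char longname[4096];            /* constructed oversized input */
    memset(longname, 'A', sizeof(longname));

    format_peer_client(label, sizeof(label), longname, sizeof(longname));
    printf("%s\n", label);
    return 0;
}
```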