uTorrent sårbarhet

[brainslicer]

sårbarheten som tidigare i år rapporterats är tydligen lite värre än vad som då kom fram

 

 

 

uTorrent Peer Client Buffer Overflow Vulnerability

Secunia Advisory: SA28533 Release Date: 2008-01-18 Last Update: 2008-01-25

Critical:

Highly critical Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software:uTorrent 1.x

 

CVE reference:CVE-2008-0364 (Secunia mirror)

 

 

Description:

Luigi Auriemma has discovered a vulnerability in uTorrent, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to a boundary error when displaying the client used by connected peers. This can be exploited to cause a buffer overflow by connecting to the TCP port on which uTorrent is listening and sending a specially crafted packet containing an overly long client string.

 

Successful exploitation allows execution of arbitrary code.

 

The vulnerability is confirmed in version 1.7.5 on Windows. Prior versions may also be affected.

 

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

 

Solution:

Update to version 1.7.6.

 

Provided and/or discovered by:

Originally reported as a DoS by Luigi Auriemma.

 

Additional information provided by Secunia Research

 

 

edit: vissa versioner lär ska vara ok....(för dom som är paranoida efter ägarbytet av klienten)

1.6.0 (474) fine (but vulnerable to exploit1)

1.6.1 (488) fine

1.6.1 (489) fine

1.6.1 (490) fine

1.7.0 (3353) bugged

1.7.1 (3360) bugged

1.7.2 (3458) bugged

1.7.3 (4470) bugged

1.7.4 (4482) bugged

1.7.5 (4602) bugged