Bug 501813 (CVE-2009-1759)
| Summary: | CVE-2009-1759 ctorrent: stack-based buffer overflow vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dominik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-14 15:41:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Vincent Danen
2009-05-20 20:08:36 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1759 to the following vulnerability: Name: CVE-2009-1759 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 Reference: MILW0RM:8470 Reference: URL: http://www.milw0rm.com/exploits/8470 Reference: MLIST:[oss-security] 20090520 CVE request: ctorrent Reference: URL: http://www.openwall.com/lists/oss-security/2009/05/20/3 Reference: CONFIRM: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch Reference: CONFIRM: http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959 Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=501813 Reference: BID:34584 Reference: URL: http://www.securityfocus.com/bid/34584 Reference: SECUNIA:34752 Reference: URL: http://secunia.com/advisories/34752 Reference: VUPEN:ADV-2009-1092 Reference: URL: http://www.vupen.com/english/advisories/2009/1092 Reference: XF:ctorrent-btfiles-bo(49959) Reference: URL: http://xforce.iss.net/xforce/xfdb/49959 Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path. ctorrent-1.3.4-10.dnh3.3.2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-10.dnh3.3.2.fc11 ctorrent-1.3.4-7.dnh3.3.2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-7.dnh3.3.2.fc10 ctorrent-1.3.4-4.dnh3.3.2.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-4.dnh3.3.2.el5 ctorrent-1.3.4-5.dnh2.1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-5.dnh2.1.el5 ctorrent-1.3.4-10.dnh3.3.2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. ctorrent-1.3.4-7.dnh3.3.2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. ctorrent-1.3.4-5.dnh2.1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |