Bug 468983 - (CVE-2008-5905, CVE-2008-5906) CVE-2008-5905 CVE-2008-5906 ktorrent: multiple security issues in the web interface
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Blocks: 469020
 
Reported: 2008-10-29 07:23 EDT by Tomas Hoger
Modified: 2009-12-07 01:29 EST
Doc Type: Bug Fix
Last Closed: 2009-01-20 02:33:01 EST


Description Tomas Hoger 2008-10-29 07:23:45 EDT
KTorrent 3.1.4 was released, fixing multiple security issues in ktorrent's web interface.  Quoting Secunia:

  Some vulnerabilities have been discovered in KTorrent, which can be
  exploited by malicious users to compromise a vulnerable system and malicious
  people to bypass certain security restrictions.

  1) The web interface plugin does not properly restrict access to the torrent
  upload functionality. This can be exploited to upload arbitrary torrent
  files by sending specially crafted HTTP POST request to the affected
  application.

  2) The web interface plugin does not properly sanitise request parameters
  before passing them to the PHP interpreter. This can be exploited to inject
  and execute arbitrary PHP code by passing specially crafted parameters to
  the PHP scripts of the web interface.

  Successful exploitation of the vulnerabilities requires that the web
  interface plugin is enabled (not the default setting).

Gentoo bug report (see below) confirms that both issues also affect ktorrent 2.x and has patch backports to 2.2.7 attached.

References:
http://ktorrent.org/?q=node/23
http://secunia.com/advisories/32442/
http://bugs.gentoo.org/show_bug.cgi?id=244741
Comment 1 Tomas Hoger 2008-10-29 07:24:47 EDT
F9 already fixed via:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9167

F8 can possibly be addressed using rbu's patch backports.
Comment 2 Rex Dieter 2008-10-29 10:09:17 EDT
pinged upstream about kde3's ktorrent-2.2.x (used in F-8):
http://ktorrent.org/forum/viewtopic.php?p=14574

In the meantime, will look over gentoo's patches.
Comment 3 Jan Lieskovsky 2009-01-16 07:47:42 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5905 to
the following vulnerability:

The web interface plugin in KTorrent before 3.1.4 allows remote
attackers to bypass intended access restrictions and upload arbitrary
torrent files, and trigger the start of downloads and seeding, via a
crafted HTTP POST request.

References: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5905
http://openwall.com/lists/oss-security/2009/01/08/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23
https://bugs.gentoo.org/show_bug.cgi?id=244741
http://secunia.com/advisories/32442
http://secunia.com/advisories/32447

Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5906 to
the following vulnerability:

Eval injection vulnerability in the web interface plugin in KTorrent
before 3.1.4 allows remote attackers to execute arbitrary PHP code via
unspecified parameters to this interface's PHP scripts.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5906
http://openwall.com/lists/oss-security/2009/01/08/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23
https://bugs.gentoo.org/show_bug.cgi?id=244741
http://secunia.com/advisories/32442
http://secunia.com/advisories/32447
Comment 4 Roland Wolters 2009-01-19 16:23:00 EST
All currently supported Fedora releases ship Ktorrent 3.1.5 - so I think we can close this bug. Other opinions?
Comment 5 Red Hat Product Security 2009-01-20 02:33:01 EST
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9167
Comment 6 Fedora Update System 2009-12-07 01:29:18 EST
ktorrent-2.2.8-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
