Bug 469020 - ktorrent: multiple security issues in the web interface
Summary: ktorrent: multiple security issues in the web interface
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: ktorrent
Version: 8
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Roland Wolters
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: CVE-2008-5905, CVE-2008-5906
Blocks:
Reported: 2008-10-29 14:36 UTC by Rex Dieter
Modified: 2008-11-06 04:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-06 04:07:57 UTC
Type: ---
Embargoed:


Description Rex Dieter 2008-10-29 14:36:50 UTC
+++ This bug was initially created as a clone of Bug #468983 +++

KTorrent 3.1.4 was released, fixing multiple security issues in ktorrent's web interface.  Quoting Secunia:

  Some vulnerabilities have been discovered in KTorrent, which can be
  exploited by malicious users to compromise a vulnerable system and malicious
  people to bypass certain security restrictions.

  1) The web interface plugin does not properly restrict access to the torrent
  upload functionality. This can be exploited to upload arbitrary torrent
  files by sending a specially crafted HTTP POST request to the affected
  application.

  2) The web interface plugin does not properly sanitise request parameters
  before passing them to the PHP interpreter. This can be exploited to inject
  and execute arbitrary PHP code by passing specially crafted parameters to
  the PHP scripts of the web interface.

  Successful exploitation of the vulnerabilities requires that the web
  interface plugin is enabled (not the default setting).

The Gentoo bug report (see below) confirms that both issues also affect ktorrent 2.x and has patch backports to 2.2.7 attached.

References:
http://ktorrent.org/?q=node/23
http://secunia.com/advisories/32442/
http://bugs.gentoo.org/show_bug.cgi?id=244741

--- Additional comment from thoger on 2008-10-29 07:24:47 EDT ---

F9 already fixed via:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9167

F8 can possibly be addressed using rbu's patch backports.

--- Additional comment from rdieter.edu on 2008-10-29 10:09:17 EDT ---

pinged upstream about kde3's ktorrent-2.2.x (used in F-8):
http://ktorrent.org/forum/viewtopic.php?p=14574

In the meantime, will look over gentoo's patches.

Comment 1 Rex Dieter 2008-10-29 14:40:36 UTC
patches look good, doing a test build.

Comment 2 Fedora Update System 2008-10-29 14:58:47 UTC
ktorrent-2.2.7-2.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ktorrent-2.2.7-2.fc8

Comment 3 Fedora Update System 2008-10-30 12:54:28 UTC
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
  su -c 'yum --enablerepo=updates-testing update ktorrent'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9267

Comment 4 Fedora Update System 2008-11-06 04:07:54 UTC
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
