Bug 469020 - ktorrent: multiple security issues in the web interface
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: ktorrent
Version: 8
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Roland Wolters
QA Contact: Fedora Extras Quality Assurance
Keywords: Security
Depends On: CVE-2008-5905/CVE-2008-5906
Reported: 2008-10-29 10:36 EDT by Rex Dieter
Modified: 2008-11-05 23:07 EST
Doc Type: Bug Fix
Last Closed: 2008-11-05 23:07:57 EST


Description Rex Dieter 2008-10-29 10:36:50 EDT
+++ This bug was initially created as a clone of Bug #468983 +++

KTorrent 3.1.4 was released, fixing multiple security issues in ktorrent's web interface.  Quoting Secunia:

  Some vulnerabilities have been discovered in KTorrent, which can be
  exploited by malicious users to compromise a vulnerable system and malicious
  people to bypass certain security restrictions.

  1) The web interface plugin does not properly restrict access to the torrent
  upload functionality. This can be exploited to upload arbitrary torrent
  files by sending a specially crafted HTTP POST request to the affected
  application.

  2) The web interface plugin does not properly sanitise request parameters
  before passing them to the PHP interpreter. This can be exploited to inject
  and execute arbitrary PHP code by passing specially crafted parameters to
  the PHP scripts of the web interface.

  Successful exploitation of the vulnerabilities requires that the web
  interface plugin is enabled (not the default setting).

Gentoo bug report (see below) confirms that both issues also affect ktorrent 2.x and has patch backports to 2.2.7 attached.

References:
http://ktorrent.org/?q=node/23
http://secunia.com/advisories/32442/
http://bugs.gentoo.org/show_bug.cgi?id=244741

--- Additional comment from thoger@redhat.com on 2008-10-29 07:24:47 EDT ---

F9 already fixed via:
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9167

F8 can possibly be addressed using rbu's patch backports.

--- Additional comment from rdieter@math.unl.edu on 2008-10-29 10:09:17 EDT ---

pinged upstream about kde3's ktorrent-2.2.x (used in F-8):
http://ktorrent.org/forum/viewtopic.php?p=14574

In the meantime, will look over gentoo's patches.

Comment 1 Rex Dieter 2008-10-29 10:40:36 EDT
patches look good, doing a test build.

Comment 2 Fedora Update System 2008-10-29 10:58:47 EDT
ktorrent-2.2.7-2.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ktorrent-2.2.7-2.fc8

Comment 3 Fedora Update System 2008-10-30 08:54:28 EDT
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
  su -c 'yum --enablerepo=updates-testing update ktorrent'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9267

Comment 4 Fedora Update System 2008-11-05 23:07:54 EST
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
