Red Hat Bugzilla – Bug 469020
ktorrent: multiple security issues in the web interface
Last modified: 2008-11-05 23:07:57 EST
+++ This bug was initially created as a clone of Bug #468983 +++
KTorrent 3.1.4 was released fixing multiple security issues in the ktorrent's web interface. Quoting Secunia:
Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and malicious
people to bypass certain security restrictions.
1) The web interface plugin does not properly restrict access to the torrent
upload functionality. This can be exploited to upload arbitrary torrent
files by sending specially crafted HTTP POST request to the affected
2) The web interface plugin does not properly sanitise request parameters
before passing them to the PHP interpreter. This can be exploited to inject
and execute arbitrary PHP code by passing specially crafted parameters to
the PHP scripts of the web interface.
Successful exploitation of the vulnerabilities requires that the web
interface plugin is enabled (not the default setting).
Gentoo bug report (see below) confirms that both issues also affect ktorrent 2.x and has patch backports to 2.2.7 attached.
--- Additional comment from email@example.com on 2008-10-29 07:24:47 EDT ---
F9 already fixed via:
F8 can possibly be addressed using rbu's patch backports.
--- Additional comment from firstname.lastname@example.org on 2008-10-29 10:09:17 EDT ---
pinged upstream about kde3's ktorrent-2.2.x (used in F-8):
In the meantime, will look over gentoo's patches.
patches look good, doing a test build.
ktorrent-2.2.7-2.fc8 has been submitted as an update for Fedora 8.
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ktorrent'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9267
ktorrent-2.2.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.