A boundary error flaw was found in Enhanced CTorrent that could be exploited to cause a stack-based buffer overflow if a user were to open a specially crafted torrent file. This could lead to an application crash or, possibly, the execution of arbitrary code as the user running ctorrent. This issue was found in version 3.3.2 and probably affects older versions. It will be fixed in the forthcoming 3.3.3 release (already fixed in svn). This overflow is aborted in Fedora due to SSP protections. References: http://secunia.com/advisories/34752/ http://bugs.gentoo.org/show_bug.cgi?id=266953 http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959 http://milw0rm.com/exploits/8470 The upstream commit to fix the issue: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1759 to the following vulnerability: Name: CVE-2009-1759 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 Reference: MILW0RM:8470 Reference: URL: http://www.milw0rm.com/exploits/8470 Reference: MLIST:[oss-security] 20090520 CVE request: ctorrent Reference: URL: http://www.openwall.com/lists/oss-security/2009/05/20/3 Reference: CONFIRM: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch Reference: CONFIRM: http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959 Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=501813 Reference: BID:34584 Reference: URL: http://www.securityfocus.com/bid/34584 Reference: SECUNIA:34752 Reference: URL: http://secunia.com/advisories/34752 Reference: VUPEN:ADV-2009-1092 Reference: URL: http://www.vupen.com/english/advisories/2009/1092 Reference: XF:ctorrent-btfiles-bo(49959) Reference: URL: http://xforce.iss.net/xforce/xfdb/49959 Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
ctorrent-1.3.4-10.dnh3.3.2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-10.dnh3.3.2.fc11
ctorrent-1.3.4-7.dnh3.3.2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-7.dnh3.3.2.fc10
ctorrent-1.3.4-4.dnh3.3.2.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-4.dnh3.3.2.el5
ctorrent-1.3.4-5.dnh2.1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/ctorrent-1.3.4-5.dnh2.1.el5
ctorrent-1.3.4-10.dnh3.3.2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
ctorrent-1.3.4-7.dnh3.3.2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
ctorrent-1.3.4-5.dnh2.1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.