Bug 501813 - (CVE-2009-1759) CVE-2009-1759 ctorrent: stack-based buffer overflow vulnerability
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,source=gentoo,reporte...
: Security
Reported: 2009-05-20 16:08 EDT by Vincent Danen
Modified: 2016-03-04 07:37 EST

Doc Type: Bug Fix
Last Closed: 2009-09-14 11:41:28 EDT
Description Vincent Danen 2009-05-20 16:08:36 EDT
A boundary error flaw was found in Enhanced CTorrent that could be exploited to cause a stack-based buffer overflow if a user were to open a specially crafted torrent file.  This could lead to an application crash or, possibly, the execution of arbitrary code as the user running ctorrent.  This issue was found in version 3.3.2 and probably affects older versions.  It will be fixed in the forthcoming 3.3.3 release (already fixed in svn).  This overflow is aborted in Fedora due to SSP protections.

References:

http://secunia.com/advisories/34752/
http://bugs.gentoo.org/show_bug.cgi?id=266953
http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
http://milw0rm.com/exploits/8470

The upstream commit to fix the issue:

http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
Comment 1 Vincent Danen 2009-05-21 23:15:22 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1759 to
the following vulnerability:

Name: CVE-2009-1759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759
Reference: MILW0RM:8470
Reference: URL: http://www.milw0rm.com/exploits/8470
Reference: MLIST:[oss-security] 20090520 CVE request: ctorrent
Reference: URL: http://www.openwall.com/lists/oss-security/2009/05/20/3
Reference: CONFIRM: http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
Reference: CONFIRM: http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=501813
Reference: BID:34584
Reference: URL: http://www.securityfocus.com/bid/34584
Reference: SECUNIA:34752
Reference: URL: http://secunia.com/advisories/34752
Reference: VUPEN:ADV-2009-1092
Reference: URL: http://www.vupen.com/english/advisories/2009/1092
Reference: XF:ctorrent-btfiles-bo(49959)
Reference: URL: http://xforce.iss.net/xforce/xfdb/49959

Stack-based buffer overflow in the btFiles::BuildFromMI function
(trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and
probably earlier, and CTorrent 1.3.4, allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
Torrent file containing a long path.
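
Added example, not part of the original bug report and not the dTorrent fix: a bounded way to join the components of a torrent file's path list into a fixed-size buffer, rejecting a path that is too long instead of writing past the end of the buffer. The names `join_path_bounded`, `struct component` and `PATH_BUF_SIZE` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 64 /* constructed limit, kept small for the demo */

/* A bencoded string: explicit length, not NUL-terminated in the file. */
struct component { const char *data; size_t len; };

/* Hypothetical helper (not dTorrent code): join path components into
 * out[outsz] with '/' separators. Returns the joined length, or -1 if the
 * result, including the terminating NUL, would not fit. */
long join_path_bounded(char *out, size_t outsz,
                       const struct component *parts, size_t nparts)
{
    size_t used = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < nparts; i++) {
        size_t sep = (i > 0) ? 1 : 0;
        /* Invariant: used <= outsz - 1, so this subtraction cannot wrap. */
        size_t room = outsz - 1 - used;
        /* Compare against remaining room instead of adding lengths, so a
         * huge file-supplied length cannot overflow the check itself. */
        if (sep > room || parts[i].len > room - sep) {
            out[0] = '\0';
            return -1;
        }
        if (sep)
            out[used++] = '/';
        memcpy(out + used, parts[i].data, parts[i].len);
        used += parts[i].len;
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    char buf[PATH_BUF_SIZE], longname[200];
    struct component ok[] = { {"dir", 3}, {"sub", 3}, {"file.bin", 8} };
    struct component bad[] = { {"dir", 3}, {longname, sizeof longname} };

    memset(longname, 'A', sizeof longname); /* constructed oversized name */
    printf("%ld %s\n", join_path_bounded(buf, sizeof buf, ok, 3), buf);
    printf("%ld\n", join_path_bounded(buf, sizeof buf, bad, 2));
    return 0;
}
```
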
Comment 2 Fedora Update System 2009-08-22 10:15:38 EDT
ctorrent-1.3.4-10.dnh3.3.2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ctorrent-1.3.4-10.dnh3.3.2.fc11
Comment 3 Fedora Update System 2009-08-22 10:17:41 EDT
ctorrent-1.3.4-7.dnh3.3.2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/ctorrent-1.3.4-7.dnh3.3.2.fc10
Comment 4 Fedora Update System 2009-08-22 11:38:04 EDT
ctorrent-1.3.4-4.dnh3.3.2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/ctorrent-1.3.4-4.dnh3.3.2.el5
Comment 5 Fedora Update System 2009-08-22 11:39:13 EDT
ctorrent-1.3.4-5.dnh2.1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/ctorrent-1.3.4-5.dnh2.1.el5
Comment 6 Fedora Update System 2009-08-25 00:26:53 EDT
ctorrent-1.3.4-10.dnh3.3.2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2009-08-25 00:41:52 EDT
ctorrent-1.3.4-7.dnh3.3.2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2009-09-12 13:55:44 EDT
ctorrent-1.3.4-5.dnh2.1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
