Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5905

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5905
Last Modified 09 May 2009 01:26:51
Published 15 Jan 2009 12:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5905

Summary

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

Vulnerable Systems

Application

  • Ktorrent 0.9

  • Ktorrent 1.0

  • Ktorrent 1.1

  • Ktorrent 1.2

  • Ktorrent 2.0

  • Ktorrent 2.0.1

  • Ktorrent 2.0.2

  • Ktorrent 2.0.3

  • Ktorrent 2.1

  • Ktorrent 2.1.1

  • Ktorrent 2.1.2

  • Ktorrent 2.1.3

  • Ktorrent 2.1.4

  • Ktorrent 2.2

  • Ktorrent 2.2.1

  • Ktorrent 2.2.2

  • Ktorrent 2.2.3

  • Ktorrent 2.2.4

  • Ktorrent 2.2.5

  • Ktorrent 2.2.6

  • Ktorrent 2.2.7

  • Ktorrent 2.2.8

  • Ktorrent 3.0

  • Ktorrent 3.0.0

  • Ktorrent 3.0.1

  • Ktorrent 3.0.2

  • Ktorrent 3.1.1

  • Ktorrent 3.1.2

  • Ktorrent 3.1.3


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=244741

XF - ktorrent-webinterface-weak-security(46117)

VUPEN - ADV-2008-2911

UBUNTU - USN-711-1

BID - 31927

GENTOO - GLSA-200902-05

SECUNIA - 34003

SECUNIA - 33675

SECUNIA - 32447

SECUNIA - 32442

MLIST - [oss-security] 20090108 CVE request: ktorrent

CONFIRM - http://ktorrent.org/?q=node/23

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178


Last Updated: 27 May 2016 10:48:58