Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1760

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2009-1760
Last Modified 01 Jul 2009 11:31:18
Published 11 Jun 2009 05:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1760

Summary

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

Vulnerable Systems

Application

  • Rasterbar Software Libtorrent 0

  • Rasterbar Software Libtorrent 0.12

  • Rasterbar Software Libtorrent 0.12.1

  • Rasterbar Software Libtorrent 0.14.3


References

XF - libtorrent-path-element-dir-traversal(51008)

VUPEN - ADV-2009-1534

BID - 35262

BUGTRAQ - 20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456

MISC - http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/

MANDRIVA - MDVSA-2009:139

DEBIAN - DSA-1815

GENTOO - GLSA-200907-14

SECUNIA - 35848

SECUNIA - 35277


Last Updated: 27 May 2016 10:50:40