uTorrent Vulnerable to Remote DOS Attack



zatoicchi
18.01.08, 10:57
Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.

So far, the problem appears to affect these clients:

- BitTorrent 6.0 (build 5535)
- uTorrent 1.7.5 (build 4602)
- uTorrent 1.8 (alpha 7834)

Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.



uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack | TorrentFreak (http://torrentfreak.com/bittorrent-clients-vulnerable-to-remote-dos-attack-080117/)

CoreCore
18.01.08, 11:23
hmmm, very interesting. I hope they fix it soon.

Update: it has been fixed in v1.7.6.

--- 2008-01-15: Version 1.7.6 (build 7859)
- Change: do not use adapter subnet to identify local peers
- Fix: double-clicking to open items in RSS releases tab
- Fix: remote crash bug (affects all 1.6.x, 1.7.x, and 1.8 builds released to date)
- Fix: limit local peers if disk is congested

StonedAssassin
19.01.08, 09:34
Hopefully people update fast.. I bet the anti-p2p orgs will be all over this...