Multiple Vulnerabilities Discovered in Ktorrent

Discuss the world of file sharing, from philosophy to help with applications.

Moderator: CricketMX Forum Moderators

Post Reply
User avatar
p2p-sharing-rules
Moderator
Moderator
Posts: 8462
Joined: Mon Mar 29, 2004 6:55 pm
Location: Canada

According to Security Focus, Ktorrent versions 2.1.3 and below have a security flaw which allows for the remote execution of arbitrary code.

The vulnerabilities were discovered in the components chunkcounter.cpp and torrent.cpp and can be exploited by getting a user to use a modified torrent file, resulting in the possible control of the OS with the same privileges as the Ktorrent user.

There is currently no work-around for the flaws but the situation can be remedied by upgrading to the latest version of Ktorrent, version 2.1.4.

KTorrent is a BitTorrent client written in C++ for KDE, offering mainline DHT and µTorrent compatible peer exchange, port forwarding via UPnP and protocol encryption for getting round those pesky traffic-shaping ISP's.

KTorrent version 2.2 will be released later this month and will include new features such as multiple tabs, moving finished downloads to another directory, and diskspace preallocation. Another good reason to upgrade!
TorrentFreak
User avatar
nesman
Miracle Worker
Miracle Worker
Posts: 1453
Joined: Thu Jan 15, 2004 8:17 am
Contact:

I guess the silver lining here is that most Ktorrent users are running on systems that will automatically update it in the near future.
Post Reply