uTorrent and Official BitTorrent Client Vulnerable to Remote

Discuss the world of file sharing, from philosophy to help with applications.

Moderator: CricketMX Forum Moderators

uTorrent and Official BitTorrent Client Vulnerable to Remote

Postby p2p-sharing-rules » Fri Jan 18, 2008 1:50 am

Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.

So far, the problem appears to affect these clients:

- BitTorrent 6.0 (build 5535)
- uTorrent 1.7.5 (build 4602)
- uTorrent 1.8 (alpha 7834)

Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.

The bug in detail (from Luigi’s site):

"By default both the clients have the “Detailed Info” window active with the “General” section visible in it where are reported various informations about the status of the torrent and the trackers in use.

In this same window near “General” there is also the “Peers” section which is very useful since it showes many informations about the other connected clients like the percentage of availability of the shared torrent, their IP address, country, speed and amount of downloaded and uploaded data and moreover the version of their client (like “BitTorrent 6.0″, “Azureus 3.0.3.4″, “uTorrent 1.7.5″, “KTorrent 2.2.4″ and so on).

When this window is visualized by the user the unicode strings with the software versions of the connected clients are copied in the relative static buffers used for the visualization in the GUI through the wcscpy function.

If this string is too long a crash will occur immediately or in some cases (like on BitTorrent) could happen later or when the user watches the status of another torrent or leaves the “Peers” window. Code execution is not possible.

For exploiting the problem is enough that an external attacker connects to the random port opened on the client and sends the long client version and the SHA1 hash of the torrent currently in use and watched
on the target. Note that all these parameters (client IP, port and torrent’s hash) are
publicly available on the tracker."

The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) which has fixed the issue.

TorrentFreak

Good thing I updated today. :)
User avatar
p2p-sharing-rules
Moderator
Moderator
 
Posts: 8462
Joined: Mon Mar 29, 2004 6:55 pm
Location: Canada

Re: uTorrent and Official BitTorrent Client Vulnerable to Remote

Postby battye » Fri Jan 18, 2008 2:39 am

Hmm, I better upgrade next time I'm using it :shock:

Thanks for bringing that up P2P :)
CricketMX.com.. home of bat's, rat's and other farmyard animals...
My articles: view all articles by battye

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
User avatar
battye
Site Admin
Site Admin
 
Posts: 14256
Joined: Sun Jan 11, 2004 8:26 am
Location: Victoria Falls, Zimbabwe

Re: uTorrent and Official BitTorrent Client Vulnerable to Remote

Postby p2p-sharing-rules » Fri Jan 18, 2008 2:41 am

Your welcome , Battye! :)
User avatar
p2p-sharing-rules
Moderator
Moderator
 
Posts: 8462
Joined: Mon Mar 29, 2004 6:55 pm
Location: Canada


Return to P2P File Sharing

Who is online

Users browsing this forum: No registered users and 1 guest

cron