CVE-2008-5905

Related Files

Gentoo Linux Security Advisory 200902-5

Posted Feb 24, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200902-05 - Two vulnerabilities in the web interface plugin in KTorrent allow for remote execution of code and arbitrary torrent uploads. The web interface plugin does not restrict access to the torrent upload functionality and does not sanitize request parameters properly. Versions less than 2.2.8 are affected.

tags | advisory, remote, web, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-5905, CVE-2008-5906

SHA-256 | c4c350dad6019e04a68c9d6410f34768d01ee2a60ff99dbc4ee04ab98e4bc81b

Download | Favorite | View

Ubuntu Security Notice 711-1

Posted Jan 26, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-711-1 - It was discovered that KTorrent did not properly restrict access when using the web interface plugin. A remote attacker could use a crafted http request and upload arbitrary torrent files to trigger the start of downloads and seeding. It was discovered that KTorrent did not properly handle certain parameters when using the web interface plugin. A remote attacker could use crafted http requests to execute arbitrary PHP code.

tags | advisory, remote, web, arbitrary, php

systems | linux, ubuntu

advisories | CVE-2008-5905, CVE-2008-5906

SHA-256 | e5412200111b9d231ff2dbf237f53462e98eff34b2802840cc8d8e25f843b5ea

Download | Favorite | View