CVE-2008-5905
Published: 15 January 2009
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
Priority
Status
Package | Release | Status |
---|---|---|
ktorrent Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(no web plugin in v1.x)
|
gutsy |
Released
(2.2.1-0ubuntu3.1)
|
|
hardy |
Released
(2.2.5-0ubuntu1.1)
|
|
intrepid |
Released
(3.1.2+dfsg.1-0ubuntu2.1)
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(3.1.4+dfsg.1-1)
|
|
ktorrent-kde4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(3.1.4+dfsg.1-1)
|
|
ktorrent2.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(2.2.8.dfsg.1-1)
|