Your submission was sent successfully! Close

USN-711-1: KTorrent vulnerabilities

26 January 2009

KTorrent vulnerabilities

Releases

Packages

Details

It was discovered that KTorrent did not properly restrict access when using the
web interface plugin. A remote attacker could use a crafted http request and
upload arbitrary torrent files to trigger the start of downloads and seeding.
(CVE-2008-5905)

It was discovered that KTorrent did not properly handle certain parameters when
using the web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10

After a standard system upgrade you need to restart KTorrent to effect
the necessary changes.