[Pkg-kde-extras] Bug#503817: KTorrent Web Interface Torrent Upload and PHP Code Injection
Moritz Muehlenhoff
jmm at inutil.org
Mon Nov 17 05:13:55 UTC 2008
On Tue, Oct 28, 2008 at 10:41:33AM +0100, Giuseppe Iuculano wrote:
> Package: ktorrent
> Version: 3.1.1+dfsg.1-1
> Severity: important
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> - From Secunia:
>
> Some vulnerabilities have been discovered in KTorrent, which can be
> exploited by malicious users to compromise a vulnerable system and
> malicious people to bypass certain security restrictions.
>
> 1) The web interface plugin does not properly restrict access to the
> torrent upload functionality. This can be exploited to upload
> arbitrary torrent files by sending a specially crafted HTTP POST
> request to the affected application.
>
> 2) The web interface plugin does not properly sanitise request
> parameters before passing them to the PHP interpreter. This can be
> exploited to inject and execute arbitrary PHP code by passing
> specially crafted parameters to the PHP scripts of the web
> interface.
>
> Successful exploitation of the vulnerabilities requires that the web
> interface plugin is enabled (not the default setting).
What's the status of this for Lenny?

Cheers,
Moritz