Summary
The remote host is missing an update to libtorrent-rasterbar announced via advisory DSA 1815-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201815-1
Insight
It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
The old stable distribution (etch) doesn't include libtorrent-rasterbar.
For the stable distribution (lenny), this problem has been fixed in version 0.13.1-2+lenny1.
For the unstable distribution (sid), this problem has been fixed in version 0.14.4-1.
We recommend that you upgrade your libtorrent-rasterbar package.
Severity
Classification
-
CVE CVE-2009-1760 -
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities