Debian Security Advisory DSA 2988-1 (transmission - Security Update) Network Vulnerability

Summary

Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 2.52-3+nmu2. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your transmission packages.

Insight

Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All its incarnations feature a very simple, intuitive interface on top on an efficient, cross-platform back-end.

Affected

transmission on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2988.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4909

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 007-1 (zope)
Debian Security Advisory DSA 077-1 (squid)
Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 094-1 (mailman)
Debian Security Advisory DSA 1066-1 (phpbb2)

Debian Security Advisory DSA 2988-1 (transmission - security update)

Take action and discover your vulnerabilities