Ubuntu Update For Ktorrent Vulnerability USN-436-2 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-436-2

Solution

Please Install the Updated Packages.

Insight

USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Original advisory details: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.

Affected

ktorrent vulnerability on Ubuntu 6.06 LTS , Ubuntu 6.10 , Ubuntu 7.04

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2007-May/000531.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1799

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Ubuntu Update for cups-filters USN-2143-1
Ubuntu Update for apache2 vulnerabilities USN-1021-1
Ubuntu Update for cpio USN-2456-1
Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for aptdaemon USN-1666-1

Ubuntu Update for ktorrent vulnerability USN-436-2

Take action and discover your vulnerabilities