Full Disclosure mailing list archives

[PLSA 2008-61] Ktorrent: Security Bypass


From: Pınar Yanardağ <pinar () pardus org tr>
Date: Wed, 05 Nov 2008 08:44:35 +0200

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-61            security () pardus org tr
------------------------------------------------------------------------
      Date: 2008-11-05
  Severity: 1
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to bypass certain security restrictions.


Description
===========

1) The web interface plugin does not properly restrict access to the
torrent upload functionality. This can be exploited to upload arbitrary
torrent files by sending a specially crafted HTTP POST request to the
affected application.



2)  The web  interface  plugin  does  not  properly  sanitise  request  
parameters before passing them to the  PHP  interpreter.  This  can  be 
exploited to inject and execute arbitrary PHP code by passing specially 
crafted parameters to the PHP scripts of the web interface. 



Successful exploitation of the vulnerabilities requires  that  the  web 
interface plugin is enabled (not the default setting). 


Affected packages:

  Pardus 2008:
    ktorrent, all before 2.2.7-30-4


Resolution
==========

An update is available for ktorrent. You can install it via Package
Manager or with a single command from the console:

    pisi up ktorrent

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8566
  * http://secunia.com/advisories/32442/

------------------------------------------------------------------------

-- 
Pardus Security Team
http://security.pardus.org.tr

