Summary
The remote host is missing an update to ktorrent
announced via advisory USN-711-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 7.10:
ktorrent 2.2.1-0ubuntu3.1
Ubuntu 8.04 LTS:
ktorrent 2.2.5-0ubuntu1.1
Ubuntu 8.10:
ktorrent 3.1.2+dfsg.1-0ubuntu2.1
After a standard system upgrade you need to restart KTorrent to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-711-1
Insight
It was discovered that KTorrent did not properly restrict access when using the web interface plugin. A remote attacker could use a crafted http request and upload arbitrary torrent files to trigger the start of downloads and seeding.
(CVE-2008-5905)
It was discovered that KTorrent did not properly handle certain parameters when using the web interface plugin. A remote attacker could use crafted http requests to execute arbitrary PHP code. (CVE-2008-5906)
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for bash USN-2364-1
- Ubuntu Update for cupsys vulnerabilities USN-656-1
- Ubuntu Update for cupsys vulnerabilities USN-563-1
- Ubuntu Update for curl vulnerability USN-484-1