In association with heise online

28 October 2008, 10:44

New KTorrent version plugs security vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

KTorrent version 3.1.4 is the new version of the free BitTorrent client for the KDE and Gnome Linux desktops. The new release of KTorrent fixes some stability problems and plugs a number of security vulnerabilities in the web interface. Secunia, the security services provider, says the latter included the possibility of PHP code being injected into the system and run by the use of crafted parameters, while access restrictions on uploads could be circumvented by specially crafted HTTP POST requests, allowing any Torrent files to be uploaded.

Successful exploitation of the vulnerabilities requires that the web interface plugin be enabled, which is not the default setting in KTorrent. Version 2.x of KTorrent is not affected by these issues.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-737821
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit