[Pkg-kde-extras] Bug#432007: CVE-2007-1799: vulnerability in torrent.cpp
Steffen Joeris
white at debian.org
Fri Jul 6 15:59:22 UTC 2007
Package: ktorrent
Severity: important
Tags: security, patch
Hi mate
Your package is vulnerable in testing and unstable.
The CVE says:
Directory traversal vulnerability in torrent.cpp in KTorrent
before 2.1.3 only checks for the ".." string, which allows
remote attackers to overwrite arbitrary files via modified
".." sequences in a torrent filename, as demonstrated by "../"
sequences.
The patch for the current version is below.
Cheers
Steffen
--- ../../../../old/ktorrent-2.2.0.dfsg.1/libktorrent/torrent/torrent.cpp 2007-07-02 18:48:47.000000000 +0200
+++ torrent.cpp 2007-07-06 17:07:49.000000000 +0200
@@ -165,9 +165,14 @@
throw Error(i18n("Corrupted torrent!"));
QString sd = v->data().toString(encoding);
+ // check for weirdness like .. and / ,
+ // we don't want to write outside the user specified directories
+ if (!sd.contains("/") && !sd.contains(".."))
+ {
path += sd;
if (j + 1 < ln->getNumChildren())
path += bt::DirSeparator();
+ }
}
// we do not want empty dirs
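Review bot: the new `if` around `path += sd;` silently skips a component that contains "/" or ".." and keeps building the path from the remaining components, so the torrent still loads, with a different path than the one it declared, and two entries can collapse onto the same path. Rejecting the torrent here would be safer and consistent with the line just above, `throw Error(i18n("Corrupted torrent!"));`. When the skipped component is the last one, the separator appended on the previous iteration also leaves `path` ending in `bt::DirSeparator()`, which is worth checking against the empty-dirs handling that follows. As a smaller point, `sd.contains("..")` also drops harmless names such as "a..b"; with the "/" check kept, comparing the whole component against ".." would be more precise.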