Hi, * Giuseppe Iuculano <giuse...@iuculano.it> [2009-05-23 17:03]: [...] > CVE-2009-1759[0]: > | Stack-based buffer overflow in the btFiles::BuildFromMI function > | (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and > | probably earlier, and CTorrent 1.3.4, allows remote attackers to cause > | a denial of service (crash) and possibly execute arbitrary code via a > | Torrent file containing a long path. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 > http://security-tracker.debian.net/tracker/CVE-2009-1759 > Patch: > http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
FWIW, this patch doesn't only fix a buffer overflow but also a directory traversal vulnerability + it is a patch for dtorrent. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpEbKLnBJHQO.pgp
Description: PGP signature
