Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.64285

Kategorie: Mandrake Local Security Checks

Titel: Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)

Zusammenfassung: The remote host is missing an update to libtorrent-rasterbar;announced via advisory MDVSA-2009:139.

Beschreibung: Summary:
The remote host is missing an update to libtorrent-rasterbar
announced via advisory MDVSA-2009:139.

Vulnerability Insight:
A security vulnerability has been identified and corrected in
libtorrent-rasterbar:

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar
libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge
Torrent, and other applications, allows remote attackers to create
or overwrite arbitrary files via a .. (dot dot) and partial relative
pathname in Multiple File Mode list element in a .torrent file
(CVE-2009-1760).

The updated packages have been patched to prevent this.

Affected: 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1760
BugTraq ID: 35262
http://www.securityfocus.com/bid/35262
Bugtraq: 20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504151/100/0/threaded
Debian Security Information: DSA-1815 (Google Search)
http://www.debian.org/security/2009/dsa-1815
http://security.gentoo.org/glsa/glsa-200907-14.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:139
http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/
http://secunia.com/advisories/35277
http://secunia.com/advisories/35848
http://www.vupen.com/english/advisories/2009/1534
XForce ISS Database: libtorrent-path-element-dir-traversal(51008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51008

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.64285
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)
Zusammenfassung:	The remote host is missing an update to libtorrent-rasterbar;announced via advisory MDVSA-2009:139.
Beschreibung:	Summary: The remote host is missing an update to libtorrent-rasterbar announced via advisory MDVSA-2009:139. Vulnerability Insight: A security vulnerability has been identified and corrected in libtorrent-rasterbar: Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in Multiple File Mode list element in a .torrent file (CVE-2009-1760). The updated packages have been patched to prevent this. Affected: 2009.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1760 BugTraq ID: 35262 http://www.securityfocus.com/bid/35262 Bugtraq: 20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability (Google Search) http://www.securityfocus.com/archive/1/504151/100/0/threaded Debian Security Information: DSA-1815 (Google Search) http://www.debian.org/security/2009/dsa-1815 http://security.gentoo.org/glsa/glsa-200907-14.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:139 http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/ http://secunia.com/advisories/35277 http://secunia.com/advisories/35848 http://www.vupen.com/english/advisories/2009/1534 XForce ISS Database: libtorrent-path-element-dir-traversal(51008) https://exchange.xforce.ibmcloud.com/vulnerabilities/51008
Copyright	Copyright (C) 2009 E-Soft Inc.