Date: Thu, 21 May 2009 20:22:21 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: ctorrent ====================================================== Name: CVE-2009-1759 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 Reference: MILW0RM:8470 Reference: URL:http://www.milw0rm.com/exploits/8470 Reference: MLIST:[oss-security] 20090520 CVE request: ctorrent Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/20/3 Reference: CONFIRM:http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch Reference: CONFIRM:http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=501813 Reference: BID:34584 Reference: URL:http://www.securityfocus.com/bid/34584 Reference: SECUNIA:34752 Reference: URL:http://secunia.com/advisories/34752 Reference: VUPEN:ADV-2009-1092 Reference: URL:http://www.vupen.com/english/advisories/2009/1092 Reference: XF:ctorrent-btfiles-bo(49959) Reference: URL:http://xforce.iss.net/xforce/xfdb/49959 Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.