GLSA-200902-05 : KTorrent: Multiple vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200902-05
(KTorrent: Multiple vulnerabilities)

The web interface plugin does not restrict access to the torrent upload
functionality (CVE-2008-5905) and does not sanitize request parameters
properly (CVE-2008-5906).

Impact :

A remote attacker could send specially crafted parameters to the web
interface that would allow for arbitrary torrent uploads and remote
code execution with the privileges of the KTorrent process.

Workaround :

Disabling the web interface plugin will prevent exploitation of both
issues. Click 'Plugins' in the configuration menu and uncheck the
checkbox left of 'WebInterface', then apply the changes.

Solution :

All KTorrent users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-p2p/ktorrent-2.2.8'

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 35731 (gentoo_GLSA-200902-05.nasl)

Bugtraq ID: 31927

CVE ID: CVE-2008-5905
