CVE-2009-1760

Published: 11 June 2009

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

Priority

Status

Package	Release	Status
libtorrent-rasterbar Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	intrepid	Ignored (end of life, was needs-triage)
	jaunty	Ignored (end of life)
	karmic	Not vulnerable (0.14.4-1)
	lucid	Not vulnerable (0.14.4-1)
	maverick	Not vulnerable (0.14.4-1)
	upstream	Released (0.14.4)

References

http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/
https://www.cve.org/CVERecord?id=CVE-2009-1760
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.