Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Transmission can be made to crash remotely
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 11 Feb 2013 08:47:29 -0500 (EST)

Hello Yves-Alexis,

  to follow up on this one. The source of the issue
seems to be underlying libutp code:
[1] https://trac.transmissionbt.com/ticket/5002#comment:22

more specifically the way how libutp (previously) handled
selective acknowledgements, which resulted in following two
(libutp) patches:
[2] https://github.com/bittorrent/libutp/issues/38
[3] https://github.com/bittorrent/libutp/issues/37

Transmission upstream corrected this issue in v2.74:
[4] https://trac.transmissionbt.com/query?milestone=2.74&group=component&order=severity

with the following patch:
[5] https://trac.transmissionbt.com/changeset/13646

Ad assigning CVE ids - I think one CVE id is enough.
The problem is in libutp code, and Transmission upstream
seems to commit their own change only due to libutp
(un)responsiveness:
[6] https://trac.transmissionbt.com/ticket/5002#comment:32

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: All the links from above at one place are at:
      [7] https://bugzilla.redhat.com/show_bug.cgi?id=909934

----- Original Message -----
On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
Package: transmission-daemon
Version: 2.52-3
Severity: grave
Tags: security patch upstream
Justification: user security hole

The transmission-daemon package in wheezy crashes regularly. According 
to upstream this is a remote security hole (at least a remote DoS, but 
most probably there is a way to take control of the process).

https://trac.transmissionbt.com/ticket/5044
https://trac.transmissionbt.com/ticket/5002

Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
attaching the patch. I’m currently testing a patched package, and will 
report whether the fix is sufficient.

Could a CVE be assigned for this?

Thanks in advance,
-- 
Yves-Alexis


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault