Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Transmission can be made to crash remotely
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 12 Feb 2013 17:09:51 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/11/2013 06:47 AM, Jan Lieskovsky wrote:
Hello Yves-Alexis,

to follow up on this one. The source of the issue seems to be
underlying libutp code: [1]
https://trac.transmissionbt.com/ticket/5002#comment:22

more specifically the way how libutp (previously) handled selective
acknowledgements, which resulted in following two (libutp)
patches: [2] https://github.com/bittorrent/libutp/issues/38 [3]
https://github.com/bittorrent/libutp/issues/37

Transmission upstream corrected this issue in v2.74: [4]
https://trac.transmissionbt.com/query?milestone=2.74&group=component&order=severity

 with the following patch: [5]
https://trac.transmissionbt.com/changeset/13646

Ad assigning CVE ids - I think one CVE id is enough. The problem is
in libutp code, and Transmission upstream seems to commit their own
change only due to libutp (un)responsiveness: [6]
https://trac.transmissionbt.com/ticket/5002#comment:32

Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
Security Response Team

P.S.: All the links from above at one place are at: [7]
https://bugzilla.redhat.com/show_bug.cgi?id=909934

----- Original Message ----- On dim., 2013-02-10 at 11:50 +0100,
Josselin Mouette wrote:
Package: transmission-daemon Version: 2.52-3 Severity: grave 
Tags: security patch upstream Justification: user security hole

The transmission-daemon package in wheezy crashes regularly.
According to upstream this is a remote security hole (at least a
remote DoS, but most probably there is a way to take control of
the process).

https://trac.transmissionbt.com/ticket/5044 
https://trac.transmissionbt.com/ticket/5002

Apparently there is no CVE assigned. The bug is fixed upstream
and I’m attaching the patch. I’m currently testing a patched
package, and will report whether the fix is sufficient.

Could a CVE be assigned for this?

Thanks in advance, -- Yves-Alexis

Please use CVE-2012-6129  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRGtnOAAoJEBYNRVNeJnmTt20P/39GwILNRCBJUhOR/CYtypJB
5ORIowSXw4tJ0/MqlgTac3wcFfeM9X1GGxsYvfDBc1xVsXdchPBUsccZh5NnzVXQ
bzuQCJFfRg3K4IEcxdyC4jYPxuKCGyk/KN0AZSjer122kXcskMnd2VGPOrgwgq9n
F22j+2rXk9D5YoXAKpQituzJV0+hy9D209rVRyQ/CIEmq7FxNyPsN48x+liBfmwu
XqXmIKPR0XtgK72obIBTiUmQO2C+maptpRBlkqUKHSL+mE+D0mLdAb+BzzU65/Iq
s3ktGniPYuW9lm1QvDSfmWACevT48RHoLEYrOEzxAO47v3NGr0jKOdXwNNK1GvPV
r9MDaPnVee27jpHORhDMPLBnRSWWwGJP51sSZCJtne3RFjeORfiwulk2umkL+27i
L6023aEgur6UwmTtkrpAqLGz7RT8l0r/h1dVB3q4CeaEyAlJyrHggy/Mey1bpqVC
Tz4J6IHxU/SbHPFcBLFG9xpqmfhUDG4jdUP/dSRMeF5LsizLORkKtyhrl+SMLClW
dVcWCJrj1QQOmXrxdpI6W0U6rCnOsJ/UAE1hbxFyFvOeDv7JaF4xmnsuF7OGHTj9
SVegAoQO+fWllQHHRvhtl/I1Ga7MG5qJOI6V0oumyGp4mO+I2j2y3kPAFcblGSfp
wk/1pgPxBMi92k7KPx0+
=ZqrS
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault