Package: torrentflux
Version: 2.1-4
Severity: grave
Tags: security, confirmed, pending
Justification: user security hole

Thanks to Stefan Fritsch for bringing this to my attention. A fix has been prepared and will be uploaded shortly.

From http://www.securityfocus.com/bid/20771 :

TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

TorrentFlux version 2.1 is reported vulnerable; other versions may be affected as well.

From bugtraq email:

Dorkfire.com Security Advisory
Discovered By: vooduhal (at) gmail (dot) com
Type of problem: Directory Traversal
Software: TorrentFlux 2.1
Software Description: TorrentFlux is a FREE PHP based Torrent client that runs on a web server. Manage all of your Torrent downloads through a convenient web interface from anywhere.
Problem description: The dir.php script doesn't properly sanitize the path passed via the "dir" GET variable and also doesn't confirm where it's currently creating a directory list for.

Example: http://target/torrentfluxroot/dir.php?dir=\.\./\.\./\.\./etc/ will produce a directory list of /etc/

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-amd64-k8
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages torrentflux depends on:
ii  bittornado             0.3.17-1   bittorrent client with enhanced cu
ii  dbconfig-common        1.8.20     common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.2      Debian configuration management sy
ii  libapache2-mod-php5    5.1.4-0.1  server-side, HTML-embedded scripti
ii  libphp-adodb           4.72-0.1   The 'adodb' database abstraction l
ii  php5-mysql             5.1.4-0.1  MySQL module for php5
ii  python                 2.4.3-11   An interactive high-level object-o

Versions of packages torrentflux recommends:
ii  mysql-client           5.0.22-3   mysql database client (current ver
ii  mysql-client-5.0 [mysql-clien  5.0.22-3   mysql database client binaries
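The advisory's payload uses backslash-escaped dots, which a naive "../" string filter applied before backslash stripping would miss. The check below, an added example and not TorrentFlux's own dir.php or its fix, instead canonicalises the requested path with realpath() and confirms the result stays inside a fixed base directory; the base path and directory layout are assumptions for the demo.

```php
<?php
// Added example, not TorrentFlux code. Confines a user-supplied "dir"
// parameter to one base directory by resolving it on the real filesystem
// and comparing the canonical result, rather than pattern-matching "../".
function safe_listing_dir(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        return null;                    // base directory itself is missing
    }
    // realpath() collapses "..", resolves symlinks (so a symlink inside the
    // base that points outside it is also rejected) and returns false for
    // paths that do not exist, which counts as a rejection here.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Compare with a trailing separator so that "/srv/tf-other" is not
    // accepted as lying inside "/srv/tf".
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    $inside = $candidate === $baseReal
        || strncmp($candidate, $prefix, strlen($prefix)) === 0;
    return $inside ? $candidate : null;
}

// Self-check on a constructed directory tree under the system temp dir.
// Any decoding the application performs on the raw parameter (here
// stripslashes(), as an assumed magic_quotes-style step) must happen
// BEFORE the containment check, never after it.
$base = sys_get_temp_dir() . '/tf_demo_' . getmypid();
mkdir($base . '/downloads', 0700, true);

$ok1 = safe_listing_dir($base, 'downloads') !== null;                     // legitimate subdir
$ok2 = safe_listing_dir($base, stripslashes('\.\./\.\./\.\./etc/')) === null; // advisory payload, decoded
$ok3 = safe_listing_dir($base, '../../../etc/') === null;                 // plain traversal
$ok4 = safe_listing_dir($base, 'does-not-exist') === null;                // unknown path

rmdir($base . '/downloads');
rmdir($base);

echo ($ok1 && $ok2 && $ok3 && $ok4) ? "all checks behaved as intended\n" : "FAIL\n";
```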