Jump to content

BitTorrent and uTorrent Programs contain a DoS bug


digip
 Share

Recommended Posts

A few versions of BitTorrent and uTorrent programs currently contain a DoS bug. As of now, looks like uTorrent is the only one to have released an update(but don't quote me on that, as I only use uTorrent) It seems to be a unicode bug pertaining to long strings. More info from the txt link as well as  POC file:

http://aluigi.altervista.org/adv/ruttorrent-adv.txt

http://aluigi.org/poc/ruttorrent.zip

Upgrade your preferred client if possible or use uTorrent 1.7.6 (build 7859) until your fav client releases a fix. They say no code can be executed in the DoS attack but it is probably only a matter of time before someone finds another way to exploit a unicode bug now that people are aware of it.

The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) which has fixed the issue.

- http://torrentfreak.com/bittorrent-clients...-attack-080117/

Funny related topic: http://hackd.net/2008/01/17/bittorrent-dos...t-for-the-riaa/

Link to comment
Share on other sites

I wouldn't really says this is many. The link in the OP says only µTorrent and BitTorrent are affected. That's only 2. I guess other clients based on the original BitTorrent might be affected as well if they use the affected code unmodified. Maybe BitTornado or something.

Link to comment
Share on other sites

I wouldn't really says this is many. The link in the OP says only µTorrent and BitTorrent are affected. That's only 2. I guess other clients based on the original BitTorrent might be affected as well if they use the affected code unmodified. Maybe BitTornado or something.

Guess I should rephrase that. Many, as in many of the versions of BitTorrent and uTorrent are still vulnerable. Topic edited. Thanks.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...